daily-ai-news
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and summarizes untrusted data from the internet.
  - Ingestion points: Phase 1 (Step 1.1 and 1.3) uses `mcp__web_reader__webReader` to fetch full article content from external URLs and `WebSearch` results into the agent's context.
  - Boundary markers: Absent. The instructions do not specify using delimiters or explicit warnings to the model to ignore instructions embedded within the fetched news articles.
  - Capability inventory: The skill utilizes `WebSearch` and `mcp__web_reader__webReader`. It does not possess high-risk capabilities such as arbitrary command execution, file system modification, or credential access.
  - Sanitization: Absent. There is no logic provided to sanitize or filter the fetched web content for prompt injection patterns before processing it for summarization.
Audit Metadata