rust-daily
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill fetches data from attacker-controllable sources such as Reddit post titles and community blogs.
  - Ingestion points: The skill uses agent-browser and WebFetch to scrape content from reddit.com, this-week-in-rust.org, and rustfoundation.org.
  - Boundary markers: No explicit delimiters or sanitization logic is present to isolate external content from the agent's instructions.
  - Capability inventory: The skill possesses the capability to spawn a general-purpose subagent (Task) and execute browser-based CLI commands.
  - Sanitization: There is no evidence of filtering or escaping logic for the retrieved data before it is formatted and presented to the agent or user.
- Path Traversal / Local File Access (MEDIUM): The skill attempts to read execution logic from ../../agents/rust-daily-reporter.md. Accessing files using relative paths outside the immediate skill directory is a risk factor that could be exploited to load unauthorized agent configurations if the environment is not properly sandboxed.
- Command Execution (LOW): The skill utilizes the agent-browser CLI and mcp__actionbook tools to perform its tasks. While the target URLs are currently limited to well-known domains, the reliance on shell-like command execution for data retrieval increases the attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata