news-summary
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the AI agent to use shell commands like 'kill -9' and 'taskkill /F' to terminate processes based on port usage. This is a high-risk capability that could be abused via prompt injection to shut down arbitrary system services or security software.
- [PROMPT_INJECTION] (LOW): The skill has a significant indirect prompt injection surface. It fetches untrusted news data from the web and feeds it back into the LLM (via Claude Code CLI) for 'AI Analysis'. Malicious instructions embedded in news articles could hijack the agent's logic during this phase.
- [COMMAND_EXECUTION] (MEDIUM): The skill automatically launches the system's default browser using commands like 'Start-Process' or 'open' pointing to a locally hosted server. This pattern can be exploited to open malicious URLs if the search results or topic parameters are manipulated.
- [DATA_EXPOSURE] (LOW): The skill starts a local Node.js server on port 3456. Without seeing the 'server.js' implementation, it is unclear whether the server has proper authentication or CORS protections to prevent other local processes or malicious websites from reading the summarized news data or triggering the AI analysis endpoint.
Recommendations
- AI detected serious security threats
Audit Metadata