summarize-hacker-news
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell command combining curl and python3 to retrieve and parse JSON data from the Hacker News API.
- [EXTERNAL_DOWNLOADS]: Connects to hn.algolia.com to fetch story metadata. This is a well-known service for Hacker News data.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
- Ingestion points: Metadata from the Algolia API and full article content retrieved via the read_webpage tool.
- Boundary markers: Absent; there are no instructions to the agent to ignore or delimit potentially malicious instructions within the external content.
- Capability inventory: The agent can execute shell commands, read arbitrary webpages, and send emails to the user.
- Sanitization: Absent; external content is processed and included in email summaries without validation or sanitization.
Recommendations
- HIGH: Downloads and executes remote code from: https://hn.algolia.com/api/v1/search?tags=front_page - DO NOT USE without thorough review
Audit Metadata