hackernews
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill reads raw usernames and passwords from a local file (community-pulse/skills/hackernews/.env.profiles.local). Storing and accessing unencrypted secrets on the filesystem is a high-severity security risk.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection because it processes untrusted content from Hacker News to draft responses.
  * Ingestion points: Thread data (titles and comments) is ingested in research.md using browser tools.
  * Boundary markers: Absent; there are no delimiters to separate untrusted data from the agent's instructions.
  * Capability inventory: The skill uses Browser MCP tools (navigate, form_input, computer) to perform actions based on the processed data.
  * Sanitization: No sanitization or validation of external web content is mentioned in the skill definition.
Recommendations
- AI detected serious security threats
Audit Metadata