opennews-mcp-news-aggregation

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from 84+ external news engines, which presents a surface for indirect prompt injection attacks.
      • Ingestion points: External content, including article titles, full content, and summaries, is retrieved through the ai.6551.io API via tools like get_latest_news, search_news, and WebSocket updates.
      • Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions when presenting this data to the agent, which is a standard risk for data aggregation skills.
      • Capability inventory: The skill provides data discovery and filtering capabilities; the executing environment (like Claude Desktop) manages system-level tool access.
      • Sanitization: There is no description of sanitization or filtering of the fetched news content to prevent adversarial instructions embedded in the articles from being followed by the agent.
  • [SAFE]: The skill handles authentication securely by instructing users to use environment variables for the OPENNEWS_TOKEN rather than hardcoding credentials. It interacts with the vendor's documented infrastructure at 6551.io and ai.6551.io.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 09:49 PM