blog-feed-monitor

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows standard security practices for agent extensions by using environment variables (APIFY_API_TOKEN, GOOSEWORKS_API_KEY) for authentication. Its operations are limited to intended content scraping and it does not request excessive system permissions or perform unauthorized file operations.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted content from external URLs. This is a common characteristic of web-scraping tools. * Ingestion points: scripts/scrape_blogs.py fetches data from user-supplied URLs and discovered RSS/Atom feed endpoints. * Boundary markers: Scraped content is returned in structured JSON or human-readable tables but does not use specific isolation delimiters or instructions to the agent to disregard embedded commands. * Capability inventory: The skill's capabilities are restricted to network requests (requests library) and standard output; it cannot execute shell commands or write to the local filesystem. * Sanitization: The tool uses xml.etree.ElementTree for parsing XML feeds. While it handles basic structure, it does not perform semantic sanitization or instruction filtering on the extracted text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:07 PM
Security Audit — agent-trust-hub — blog-feed-monitor