blog-feed-monitor
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows standard security practices for agent extensions by using environment variables (APIFY_API_TOKEN, GOOSEWORKS_API_KEY) for authentication. Its operations are limited to intended content scraping and it does not request excessive system permissions or perform unauthorized file operations.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted content from external URLs. This is a common characteristic of web-scraping tools. * Ingestion points: scripts/scrape_blogs.py fetches data from user-supplied URLs and discovered RSS/Atom feed endpoints. * Boundary markers: Scraped content is returned in structured JSON or human-readable tables but does not use specific isolation delimiters or instructions to the agent to disregard embedded commands. * Capability inventory: The skill's capabilities are restricted to network requests (requests library) and standard output; it cannot execute shell commands or write to the local filesystem. * Sanitization: The tool uses xml.etree.ElementTree for parsing XML feeds. While it handles basic structure, it does not perform semantic sanitization or instruction filtering on the extracted text content.
Audit Metadata