feed-ft

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches headlines and metadata from the Financial Times RSS feeds and retrieves content from well-known archival services like the Internet Archive.
  • [COMMAND_EXECUTION]: Provides guidance on using the curl utility to retrieve data from web archives.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external news feeds and archives, which constitutes an indirect prompt injection surface.
  • Ingestion points: SKILL.md identifies ft.com and web.archive.org as sources for external data ingestion.
  • Boundary markers: None present; the skill normalizes content into JSON records without specific delimiters to isolate external text from agent instructions.
  • Capability inventory: The skill utilizes shell commands (curl), browser automation tools (chrome-use), and network fetching tools (web_fetch).
  • Sanitization: Includes logic to strip UTM tracking parameters from URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — feed-ft