narrative-news

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely within its stated purpose of crypto news aggregation. Analysis of the scripts and instructions reveals no malicious intent, obfuscation, or unauthorized data access.
  • [COMMAND_EXECUTION]: The skill utilizes local Python scripts (news_fetch.py and news_store.py) located within the skill's internal directory structure (.agents/skills/crypto-news-store/) to manage data orchestration and a local SQLite database. This is standard behavior for skill-based automation.
  • [EXTERNAL_DOWNLOADS]: Content is retrieved from well-known technology and financial news services (including Bloomberg, Financial Times, Wall Street Journal, and specialized crypto outlets like Coindesk and Cointelegraph). These are reputable sources and the downloads are necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill processes external content which presents an inherent surface for indirect prompt injection. However, the risk is mitigated by explicit instructions to remain 'data-only', 'never fabricate', and to output results in a highly structured JSON format, which prevents untrusted data from influencing the agent's core logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — narrative-news