blogwatcher
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pre-compiled binaries and Docker images from an unverified GitHub repository (github.com/JulienTant/blogwatcher-cli) and the GitHub Container Registry.
- [COMMAND_EXECUTION]: Instructs the user to install the tool by extracting binaries directly into `/usr/local/bin`, a privileged system path. It also performs filesystem operations like moving database files in the user's home directory (`mv ~/.blogwatcher/blogwatcher.db ~/.blogwatcher-cli/blogwatcher-cli.db`).
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The tool consumes and displays data from untrusted external sources, specifically RSS and Atom feeds, during the `scan` and `articles` commands (defined in SKILL.md).
  - Boundary markers: No boundary markers or instructions are provided to help the agent distinguish between tool output and instructions embedded within the feed content.
  - Capability inventory: The tool performs network operations and local filesystem writes (SQLite database), which could be manipulated if an agent follows instructions from a malicious feed.
  - Sanitization: There is no documented validation or sanitization of the feed content before it is presented to the agent.
Audit Metadata