ai-architect-newsletter
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the web via the
WebSearchtool and processes it into a newsletter. - Ingestion points: Web results from various AI news sources and research blogs are processed automatically.
- Boundary markers: The skill uses markdown templates to structure output, but lacks explicit instructions to ignore embedded commands within the ingested news data.
- Capability inventory: The agent can execute shell commands (
npx tsx), write to the local file system, and perform network uploads to a CDN. - Sanitization: No explicit sanitization or validation of the fetched web content is described.
- [COMMAND_EXECUTION]: The skill documentation references the execution of local TypeScript scripts (
gather-ai-news.ts,process-research.ts,generate-newsletter.ts,optimize-images.ts) usingnpx tsxand system utilities likepngquant. These operations are used for content gathering, templating, and image processing. - [DATA_EXFILTRATION]: The
optimize-images.tsscript is described as having the capability to upload large images to a CDN and generate links. While this is a network operation that sends data externally, it is presented as a functional requirement for image hosting in newsletters.
Audit Metadata