skills/ggprompts/htmlstyleguides/news/Gen Agent Trust Hub

news

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill automates the storage of GitHub authentication tokens in plain text on the local filesystem.
      • Evidence: Phase 4 executes a command to pipe the output of gh auth token into ~/.git-credentials.
      • Risk: Storing credentials in plain text in a standard location like ~/.git-credentials makes them accessible to other processes or users on the system, increasing the risk of credential theft.
  • [COMMAND_EXECUTION]: The skill performs shell commands to modify global git configurations and push updates to a remote repository.
      • Evidence: Uses git config --global credential.helper store and git push origin main in Phase 4.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from WebSearch results into its editorial process and final output.
      • Ingestion points: News summaries, trending repository descriptions, and changelog data retrieved via 6 parallel sonnet subagents using WebSearch (Phase 1).
      • Boundary markers: None. There are no instructions to the subagents or the editorial agent to ignore instructions embedded within the scraped content.
      • Capability inventory: File writing (news/{date}/index.html), Git commit, and Git push.
      • Sanitization: The skill lacks explicit sanitization or escaping of the retrieved web content before embedding it into the HTML structure of the newspaper edition, which could also lead to Cross-Site Scripting (XSS) in the generated pages.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 02:15 AM