Skills
skills/gooseworks-ai/goose-skills/blog-feed-monitor/Gen Agent Trust Hub

blog-feed-monitor

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary external URLs provided by the user to discover and parse RSS/Atom feeds in scripts/scrape_blogs.py.\n- [EXTERNAL_DOWNLOADS]: It communicates with external APIs including api.apify.com and the vendor-specific proxy at api.gooseworks.ai to perform scraping tasks.\n- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites, creating a surface for indirect prompt injection.\n
  • Ingestion points: Raw HTML and XML content is fetched from external blog URLs in scripts/scrape_blogs.py.\n
  • Boundary markers: The script does not wrap the scraped text in delimiters or provide specific instructions for the agent to treat the data as untrusted.\n
  • Capability inventory: The script uses the requests library for network access and writes the scraped content to stdout for processing by the agent.\n
  • Sanitization: No filtering or sanitization is performed on the scraped titles, descriptions, or content before it is passed to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:48 AM