newsletter-sponsorship-finder
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it fetches and processes untrusted content from external newsletter websites and directories (Substack, Swapstack, Paved). Malicious instructions embedded in these third-party pages could potentially influence the agent's behavior during the data enrichment phase.
- Ingestion points: WebSearch results and WebFetch content from newsletter landing pages and 'About' sections.
- Boundary markers: None present to distinguish between instructions and fetched data.
- Capability inventory: File writing (saving results), network access (WebSearch/WebFetch), and local script execution.
- Sanitization: No explicit sanitization or filtering is performed on the content retrieved from external sites.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'requests' Python library using 'pip3 install'. This is a well-known, standard library used for making HTTP requests.
- [COMMAND_EXECUTION]: The skill executes a local helper script 'scripts/search_newsletters.py' to query the Substack API. This script is part of the skill package and performs a specific, transparent task of retrieving and formatting newsletter metadata.
Audit Metadata