newsapi-search

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it fetches and processes third-party data from the NewsAPI service.
    • Ingestion points: News article titles, descriptions, and content are fetched from https://newsapi.org/v2/everything and https://newsapi.org/v2/top-headlines via scripts/search.js.
    • Boundary markers: The skill does not implement boundary markers or instructions to the agent to ignore embedded commands within the fetched news data.
    • Capability inventory: The skill includes file system read access (to .env files for configuration) and outbound network access to the NewsAPI domain. It does not possess arbitrary command execution or file-write capabilities.
    • Sanitization: There is no sanitization or filtering of the retrieved article content to prevent the inclusion of malicious prompts before the data is returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 06:39 PM