event-sources
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to automate content extraction and database searches. This includes standard usage of the
bunandqurltools, including benign shell substitutions such as$(date '+%B %Y')to facilitate date-based queries. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading content from well-known event platforms and official Berlin tourism and institutional websites. These sources are reputable and aligned with the skill's goal of event discovery.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites, creating a surface for indirect prompt injection. However, this is inherent to its data aggregation purpose and involves trustworthy sources. The analysis noted the following factors:
- Ingestion points: External event websites and RSS feeds listed in
references/sources.md. - Boundary markers: None identified; instructions do not explicitly tell the agent to ignore instructions embedded in the scraped content.
- Capability inventory: The agent can execute a local extraction script (
extract-content.js) and interact with a local database tool (qurl). - Sanitization: No explicit sanitization or validation of the scraped content is described before ingestion.
Audit Metadata