event-sources

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to automate content extraction and database searches. This includes standard usage of the bun and qurl tools, including benign shell substitutions such as $(date '+%B %Y') to facilitate date-based queries.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading content from well-known event platforms and official Berlin tourism and institutional websites. These sources are reputable and aligned with the skill's goal of event discovery.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external websites, creating a surface for indirect prompt injection. However, this is inherent to its data aggregation purpose and involves trustworthy sources. The analysis noted the following factors:
  • Ingestion points: External event websites and RSS feeds listed in references/sources.md.
  • Boundary markers: None identified; instructions do not explicitly tell the agent to ignore instructions embedded in the scraped content.
  • Capability inventory: The agent can execute a local extraction script (extract-content.js) and interact with a local database tool (qurl).
  • Sanitization: No explicit sanitization or validation of the scraped content is described before ingestion.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:14 PM
Security Audit — agent-trust-hub — event-sources