hack-feed
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
collect-structured.sh) which coordinates the aggregation of technical data. The script utilizes standard utilities such asgh,jq,curl, andpython3to process information. This is a legitimate use of local command execution for a data processing skill. - [EXTERNAL_DOWNLOADS]: Data is retrieved from reputable and well-known technical sources, including GitHub, Hacker News (via Algolia), and official project feeds (v8.dev, bun.sh, webkit.org). These downloads are restricted to technical information and do not include untrusted executable code.
- [DATA_EXFILTRATION]: There is no evidence of sensitive local data being transmitted to external servers. The skill performs network operations solely to fetch technical news and uses local cache directories for temporary storage.
- [PROMPT_INJECTION]: The skill is designed to fetch and summarize content from external technical sources. This activity creates a surface for indirect prompt injection, where malicious instructions could be embedded in technical feeds (e.g., GitHub PR descriptions).
- Ingestion points: GitHub Issue/PR descriptions, HN comment snippets, and RSS feed summaries collected in the structured collection script.
- Boundary markers: Content is processed through structured formats (JSON) before being presented to the agent for technical explanation.
- Capability inventory: The skill has file-write permissions for caching in
~/.claude/cache/and uses standard MCP tools for technical web searching and fetching. - Sanitization: External content is handled via
jqfor structure andxml.etree.ElementTreefor Atom/RSS parsing, which minimizes the direct interpolation of raw external strings into sensitive shell or prompt contexts.
Audit Metadata