ai-radar
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches multiple JSON files from the author's GitHub repository pages (learnprompt.github.io). These files contain aggregated AI news signals used to generate reports.\n
- Evidence: curl commands in
SKILL.mdtarget latest-24h.json, stories-merged.json, and other data files.\n - Downloads are directed to the temporary
/tmpdirectory.\n- [COMMAND_EXECUTION]: The skill utilizes shell commands and Python to manage data processing logic.\n - Evidence: Use of
curlfor data retrieval andpython3for parsing JSON via heredoc templates defined inSKILL.md.\n- [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern where remote data is downloaded and immediately processed by a script. In this context, the skill downloads structured JSON data from the author's domain and processes it using local Python templates. This implementation does not involve executing the remote content itself as code.\n - Pattern:
curl [URL] -o [PATH] && python3 [SCRIPT]identified in multiple routes withinSKILL.md.\n- [PROMPT_INJECTION]: The skill processes news content from over 150 external sources, creating a potential surface for indirect prompt injection if those sources contain malicious instructions.\n - Ingestion Points: News titles, descriptions, and signals in the
latest-24h.jsonandstories-merged.jsonfiles.\n - Boundary Markers: Absent; the skill does not explicitly instruct the agent to ignore commands potentially embedded in the news text.\n
- Capability Inventory: The skill can perform network requests (
curl) and local filesystem writes (/tmp).\n - Sanitization: The data is parsed using the standard
jsonlibrary, which protects against structural parsing issues, though the textual content is passed to the LLM for summarization.
Audit Metadata