ai-radar

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches multiple JSON files from the author's GitHub repository pages (learnprompt.github.io). These files contain aggregated AI news signals used to generate reports.\n
  • Evidence: curl commands in SKILL.md target latest-24h.json, stories-merged.json, and other data files.\n
  • Downloads are directed to the temporary /tmp directory.\n- [COMMAND_EXECUTION]: The skill utilizes shell commands and Python to manage data processing logic.\n
  • Evidence: Use of curl for data retrieval and python3 for parsing JSON via heredoc templates defined in SKILL.md.\n- [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern where remote data is downloaded and immediately processed by a script. In this context, the skill downloads structured JSON data from the author's domain and processes it using local Python templates. This implementation does not involve executing the remote content itself as code.\n
  • Pattern: curl [URL] -o [PATH] && python3 [SCRIPT] identified in multiple routes within SKILL.md.\n- [PROMPT_INJECTION]: The skill processes news content from over 150 external sources, creating a potential surface for indirect prompt injection if those sources contain malicious instructions.\n
  • Ingestion Points: News titles, descriptions, and signals in the latest-24h.json and stories-merged.json files.\n
  • Boundary Markers: Absent; the skill does not explicitly instruct the agent to ignore commands potentially embedded in the news text.\n
  • Capability Inventory: The skill can perform network requests (curl) and local filesystem writes (/tmp).\n
  • Sanitization: The data is parsed using the standard json library, which protects against structural parsing issues, though the textual content is passed to the LLM for summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 08:11 AM