pp-foxnews
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
foxnews-pp-clitool usingnpx -y @mvanhorn/printing-press install foxnews --cli-only, which downloads and executes code from the npm registry.\n- [COMMAND_EXECUTION]: The skill operates by executing bash commands, includingnpxfor installation and thefoxnews-pp-clibinary for data retrieval.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted news content from external RSS feeds.\n - Ingestion points: RSS headlines and links are retrieved from
https://moxie.foxnews.comand ingested into the agent context via theheadlinescommand.\n - Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to treat the external feed data as potentially untrustworthy.\n
- Capability inventory: The skill is granted
Read Bashpermissions, which allows for the execution of shell commands.\n - Sanitization: Absent; no validation or filtering of the content retrieved from the RSS feeds is specified before processing.
Audit Metadata