watchers

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill scripts perform legitimate monitoring tasks using standard libraries. No hardcoded credentials, malicious obfuscation, or unauthorized access patterns were found.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it fetches and processes untrusted external data (from RSS feeds, GitHub activity, or web APIs) that the agent is then instructed to summarize.
      • Ingestion points: Data is ingested through user-specified URLs in watch_rss.py, watch_github.py, and watch_http_json.py.
      • Boundary markers: The skill does not use specific delimiters or instructions to the agent to ignore embedded commands within the fetched content.
      • Capability inventory: The agent has access to the terminal tool, which could be exploited if an injection succeeds in influencing the agent's actions.
      • Sanitization: The scripts perform basic data extraction and truncation but do not sanitize the content for malicious prompt instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 06:31 AM