@554/news-aggregator-skill

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess.run command in scripts/fetch_news.py to execute local helper Python scripts (fetch_hf_papers_playwright.py and fetch_bensbites.py). While these are internal scripts, the use of subprocesses is a sensitive capability.
  • [EXTERNAL_DOWNLOADS]: The skill performs numerous network requests to fetch data from various RSS feeds and APIs. In scripts/rss_parser.py, SSL certificate verification is explicitly disabled (verify=False), which leaves the connection vulnerable to man-in-the-middle (MITM) attacks. Additionally, it uses unencrypted HTTP to access the Hacker News Algolia API in scripts/fetch_news.py.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and summarizes content from arbitrary external websites.
      * Ingestion points: The fetch_url_content function in scripts/fetch_news.py extracts text from external URLs.
      * Boundary markers: No delimiters or instructions to ignore embedded commands are present in the instruction templates used by the agent.
      * Capability inventory: The agent can execute local commands via subprocess.run and write to the local filesystem in the reports/ directory.
      * Sanitization: The scraping process removes certain HTML tags but does not filter the extracted text for malicious natural-language instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 03:11 AM
Security Audit — agent-trust-hub — @554/news-aggregator-skill