@554/news-aggregator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `subprocess.run` command in `scripts/fetch_news.py` to execute local helper Python scripts (`fetch_hf_papers_playwright.py` and `fetch_bensbites.py`). While these are internal scripts, the use of subprocesses is a sensitive capability.
- [EXTERNAL_DOWNLOADS]: The skill performs numerous network requests to fetch data from various RSS feeds and APIs. In `scripts/rss_parser.py`, SSL certificate verification is explicitly disabled (`verify=False`), which leaves the connection vulnerable to man-in-the-middle (MITM) attacks. Additionally, it uses unencrypted HTTP to access the Hacker News Algolia API in `scripts/fetch_news.py`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and summarizes content from arbitrary external websites.
  * Ingestion points: The `fetch_url_content` function in `scripts/fetch_news.py` extracts text from external URLs.
  * Boundary markers: No delimiters or instructions to ignore embedded commands are present in the instruction templates used by the agent.
  * Capability inventory: The agent can execute local commands via `subprocess.run` and write to the local filesystem in the `reports/` directory.
  * Sanitization: The scraping process removes certain HTML tags but does not filter the extracted text for malicious natural language instructions.
Audit Metadata