miniflux-news
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes article content from external RSS feeds via the Miniflux API. \n
- Ingestion points: The script
scripts/miniflux.pyfetches entry content which is then passed to the agent for summarization. \n - Boundary markers: The instructions in
SKILL.mdlack explicit delimiters or instructions for the agent to ignore potentially malicious commands embedded within the fetched news items. \n - Capability inventory: The skill allows reading and writing its own configuration file and performing network operations to interact with the Miniflux REST API. \n
- Sanitization: The Python script strips HTML tags but does not perform any NLP-level sanitization to filter out prompt injection attempts hidden in the text content of the articles.
Audit Metadata