miniflux-news

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes article content from external RSS feeds via the Miniflux API. \n
  • Ingestion points: The script scripts/miniflux.py fetches entry content which is then passed to the agent for summarization. \n
  • Boundary markers: The instructions in SKILL.md lack explicit delimiters or instructions for the agent to ignore potentially malicious commands embedded within the fetched news items. \n
  • Capability inventory: The skill allows reading and writing its own configuration file and performing network operations to interact with the Miniflux REST API. \n
  • Sanitization: The Python script strips HTML tags but does not perform any NLP-level sanitization to filter out prompt injection attempts hidden in the text content of the articles.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:25 AM
Security Audit — agent-trust-hub — miniflux-news