Skills
skills/teamwiseflow/wiseflow/rss-reader/Gen Agent Trust Hub

rss-reader

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Node.js script (fetch-rss.mjs) to retrieve and format RSS feed data.
  • [EXTERNAL_DOWNLOADS]: The fetch-rss.mjs script performs network requests to arbitrary external URLs provided by the user or discovered during the URL discovery step to fetch XML feed content.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted content from external RSS feeds.
  • Ingestion points: External data enters the system via the parser.parseURL(feedUrl) call in scripts/fetch-rss.mjs.
  • Boundary markers: The output is structured with Markdown headers and thematic breaks (---), providing some separation between the feed content and agent instructions.
  • Capability inventory: The skill has network-read capabilities (via rss-parser) and executes a local script, but it does not have file-write or persistence capabilities.
  • Sanitization: The script performs no sanitization of the article content, summaries, or titles before outputting them to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 11:19 AM
Security Audit — agent-trust-hub — rss-reader