blogwatcher
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata and quick-start guide instruct the user to install a Go binary from a third-party repository:
github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest. This repository is not associated with a known trusted organization or vendor. - [COMMAND_EXECUTION]: The skill functions by executing shell commands via the
blogwatcherCLI tool. This includes commands likeblogwatcher scanwhich initiate network connections to external, user-specified URLs. - [PROMPT_INJECTION]: The skill provides an interface for the agent to ingest and process untrusted data from RSS and Atom feeds, creating an indirect prompt injection surface.
- Ingestion points: External content is fetched through the
scanandarticlescommands. - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat the retrieved feed data as untrusted.
- Capability inventory: The agent can execute CLI commands and manage a local database of articles.
- Sanitization: The instructions do not include any steps for sanitizing or validating the content retrieved from external feeds before the agent interprets it.
Audit Metadata