hackernews
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from the official Hacker News API (hacker-news.firebaseio.com). This is a well-known service and the downloads are limited to public JSON data.
- [COMMAND_EXECUTION]: Uses
curlandjqto retrieve and process API responses. The usage follows standard patterns for data retrieval and does not involve executing remote scripts or commands. - [DATA_EXFILTRATION]: Network activity is strictly confined to the Hacker News API for fetching public information. No sensitive local files or credentials are accessed or transmitted.
- [PROMPT_INJECTION]: As the skill processes untrusted external data (story titles, comments, and user bios) from Hacker News, there is a theoretical surface for indirect prompt injection.
- Ingestion points: API responses in
SKILL.md(e.g., story text, user bios). - Boundary markers: None present.
- Capability inventory:
curl,jqinSKILL.md. - Sanitization: None present.
Audit Metadata