show-hn-writer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes external project documentation and user input to generate posts. This ingestion point is a potential surface for indirect prompt injection if the source materials contain instructions designed to manipulate the agent's output.
  - Ingestion points: README files and user-provided project descriptions (SKILL.md, Step 1).
  - Boundary markers: Not explicitly defined in prompt templates.
  - Capability inventory: Python script execution (Step 8), content generation.
  - Sanitization: No explicit sanitization or escaping of external content before interpolation.
- [EXTERNAL_DOWNLOADS]: The skill provides a Python utility (SKILL.md, Step 8) that performs network requests to the Hacker News API (hacker-news.firebaseio.com), which is a well-known public service. This is used for trend analysis and duplication checks.
- [COMMAND_EXECUTION]: The agent is provided with a Python snippet for fetching real-time data from a public API. The script is documented and performs a transparent task related to the skill's purpose.
Audit Metadata