hackernews
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill uses well-known services (Firebase/Hacker News) and standard utilities (curl, jq) for its primary functionality.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it retrieves and processes user-generated content (comments, bios, titles) from Hacker News. This is an inherent property of the skill's intended purpose.\n
- Ingestion points: Hacker News API endpoints (SKILL.md).\n
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat API output as untrusted data.\n
- Capability inventory: Shell execution for curl and jq (SKILL.md).\n
- Sanitization: No sanitization is performed on the raw text content retrieved from the API.
Audit Metadata