Hacker News
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves data from official and well-known services, specifically the Hacker News API on Firebase (hacker-news.firebaseio.com) and the Algolia search API (hn.algolia.com).
- [COMMAND_EXECUTION]: Documentation provides example curl commands for fetching API data and uses the date command to generate Unix timestamps for time-based search filters.
- [PROMPT_INJECTION]: The skill ingests untrusted external content from Hacker News story text and user comments, which presents a surface for indirect prompt injection. Ingestion occurs via API responses documented in api.md and search.md. No specific boundary markers or sanitization logic are defined in the skill for this content, though capabilities are limited to data retrieval and display.
Audit Metadata