news-to-note
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by fetching untrusted news content and processing it alongside private user notes to generate insights. This is a common pattern for such tools and is mitigated by the agent's internal safety guardrails.
- Ingestion points: Untrusted news content fetched via
WebFetchandWebSearchas defined inSKILL.md. - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded directives within the fetched news content.
- Capability inventory: The skill can search (
search_notes), read (read_note), and create/edit (create_note,edit_block) user notes. - Sanitization: Content cleaning is mentioned for usability (removing ads/navigation) but does not specifically filter for malicious instructions.
- [SAFE]: The skill uses tools and identifiers (
wpsnote) consistent with its stated purpose and the author's identity, representing standard vendor-owned resource usage.
Audit Metadata