rss-feed
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script `rss_fetcher.py` contains a hardcoded absolute file path `/Users/delta/.openclaw/workspace/01-Projects/daily-report/01-raw-materials/rss-data`. This exposure reveals the local system's username ('delta') and internal project directory structure to anyone with access to the skill code.
- [PROMPT_INJECTION]: The skill processes untrusted content from multiple external RSS feeds, which presents an indirect prompt injection surface.
  - Ingestion points: External data is fetched from various URLs (e.g., Google News, TechCrunch) in `rss_fetcher.py`.
  - Boundary markers: The resulting JSON output lacks any boundary markers or instructions to downstream agents to ignore embedded commands.
  - Capability inventory: The script performs network reads and local file writes via the `RSSFetcher` class.
  - Sanitization: There is no sanitization or filtering of the article summaries or titles before they are written to disk, allowing potential malicious instructions from a compromised RSS source to be stored.
Audit Metadata