hn-summarize
Fail
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto retrieve API data andpython3 -cto parse JSON and display results. These commands are static and part of the skill's data processing workflow. - [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known services including Hacker News (Firebase and Algolia APIs) and Archive.org. These downloads are necessary for the skill's stated functionality.
- [PROMPT_INJECTION]: The skill ingests untrusted text from Hacker News comments and linked articles, creating a surface for indirect prompt injection where malicious instructions in the content could influence the agent.
- Ingestion points: Hacker News API responses and external article content (SKILL.md).
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the external data.
- Capability inventory:
curl,python3, andsedare used across the processing steps. - Sanitization: The skill performs basic HTML tag stripping and entity replacement for display purposes, but lacks safety-oriented sanitization to prevent the agent from executing instructions found within the text.
Recommendations
- HIGH: Downloads and executes remote code from: https://hn.algolia.com/api/v1/items/OBJECT_ID, https://hn.algolia.com/api/v1/search?query=YOUR+QUERY&tags=story, https://hacker-news.firebaseio.com/v0/topstories.json - DO NOT USE without thorough review
Audit Metadata