hn-summarize

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to retrieve API data and python3 -c to parse JSON and display results. These commands are static and part of the skill's data processing workflow.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known services including Hacker News (Firebase and Algolia APIs) and Archive.org. These downloads are necessary for the skill's stated functionality.
  • [PROMPT_INJECTION]: The skill ingests untrusted text from Hacker News comments and linked articles, creating a surface for indirect prompt injection where malicious instructions in the content could influence the agent.
  • Ingestion points: Hacker News API responses and external article content (SKILL.md).
  • Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the external data.
  • Capability inventory: curl, python3, and sed are used across the processing steps.
  • Sanitization: The skill performs basic HTML tag stripping and entity replacement for display purposes, but lacks safety-oriented sanitization to prevent the agent from executing instructions found within the text.
Recommendations
  • HIGH: Downloads and executes remote code from: https://hn.algolia.com/api/v1/items/OBJECT_ID, https://hn.algolia.com/api/v1/search?query=YOUR+QUERY&tags=story, https://hacker-news.firebaseio.com/v0/topstories.json - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 26, 2026, 06:32 AM
Security Audit — agent-trust-hub — hn-summarize