Knowledge Harvester

The Knowledge Harvester bundle automates news retrieval and summarization but is classified as suspicious due to high-risk behaviors and potential vulnerabilities. The instructions in SKILL.md direct the AI agent to execute shell commands using unvalidated strings (e.g., article titles and domain queries), creating a risk of command injection. Additionally, the bundle requires network access via curl in scripts/fetch-articles.sh to reach news.google.com and performs broad file system operations. While these actions are consistent with the stated purpose, the lack of input sanitization and the use of shell-based processing of external data constitute significant security risks.