Daily News Digest

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent news digest assistant, but users should understand that it stores preferences locally and can create scheduled news deliveries if enabled.

Before installing, decide whether you are comfortable with news interests, region, delivery schedule, source preferences, and optional archives being saved in ~/daily-news-digest/. If you enable scheduled delivery or voice, confirm the exact channel and remember that search queries or briefing text may be sent to configured third-party services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Context-Inappropriate Capability

Medium

Confidence: 87% confidence
Finding: The guide authorizes delivery over Telegram, WhatsApp, Discord, and Email, but the file does not show any explicit scoping, consent checks, or channel-specific authorization before sending content externally. This increases the risk of unintended data disclosure, especially if preferences or briefing content contain sensitive personal information such as user interests, region, schedule, or account-linked destinations.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger set includes very broad natural-language phrases such as "news," "briefing," and "what's happening," which are likely to appear in ordinary conversation and can cause unintended skill activation. In a news skill, accidental activation can expose personalized content, consume resources, and create confusing or privacy-impacting behavior if the assistant responds when the user did not intend to invoke this skill.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: Phrases like "everything" and "all news" are underspecified and overly broad, making it easy for unrelated user utterances to be misclassified as requests for a deep-dive mode. While this is less severe than sensitive-action abuse, it can still cause unexpected behavior, excessive output, and poor user control over the skill's operation.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill describes an archive feature that writes briefing content to a local path, but it does not clearly warn users that invoking archive behavior will create files on disk. Because the archive includes links, sources, timestamps, and topic metadata, silent local persistence can create privacy and data-retention risks, especially on shared devices or managed environments.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The Archive Format section explicitly specifies saving to `~/daily-news-digest/archive/YYYY-MM-DD.md` and storing structured content including URLs, source names, generation time, and topic tags, but provides no consent, warning, or minimization guidance. In context, this makes the issue more credible because the feature is designed behavior rather than incidental text, increasing the likelihood of unnoticed local data accumulation.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The template explicitly instructs creation and continual updating of a persistent memory file containing user interests, exclusions, geography, schedule, source preferences, and behavioral observations. This creates a privacy and data-minimization risk because it encourages storage of behavioral profiling data and delivery details without any notice, consent guidance, retention limits, or sensitivity boundaries.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The scheduling flow instructs the agent to create persistent cron jobs and log schedule details in memory.md without any explicit notice about retention, external delivery, or what user data will be stored and transmitted. That omission can cause silent persistence of behavioral data and recurring outbound messages, creating privacy and transparency risks even when the feature is user-requested.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to persist personal preferences such as activation behavior, topics, geography, and potentially schedule details to a local memory file, but it does not require explicit disclosure or consent for persistent storage. This creates a privacy risk because users may provide sensitive behavioral and location information without understanding it will be retained across sessions.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill allows creation of a cron job after the user confirms scheduling preferences, but it does not require a clear warning that system automation will be installed or that the user's crontab may be modified. Modifying scheduled tasks affects the host environment persistently and can surprise users, especially if they do not understand the operational or security implications of background execution.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The custom-source examples are phrased as ordinary conversational requests and do not define any confirmation or activation boundary before modifying persistent configuration. In this skill, that creates a real risk of unintended source changes from ambiguous user utterances or prompt-injected content embedded in articles/conversations, which could alter future news selection and trustworthiness.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The file instructs the skill to maintain source-quality data in local files without any user-facing notice that preferences and inferred judgments will be persisted. This is a real privacy and transparency issue because user feedback and source preferences may be stored across sessions unexpectedly, which can expose behavioral data or create surprise statefulness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal