Rss Digest

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches RSS/Atom feeds from a user-provided OPML file and formats a markdown digest, with expected privacy and scheduling cautions.

Install only if you want an agent-assisted RSS digest workflow. Use OPML files you trust, review feed URLs before scheduling recurring runs, choose output paths intentionally, and treat generated article titles/summaries as external content rather than trusted instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad natural-language phrases such as 'what's in my feeds today' and generic digest/summarization wording that could cause unintended invocation in ordinary conversation. This can lead the agent to perform network fetches and local file generation without the user clearly intending to run this specific skill.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The description does not clearly warn that the skill will fetch untrusted remote content from RSS/Atom feeds over the network and may write output files to disk. Without that disclosure, users may unknowingly expose network metadata to feed hosts or create persistent local artifacts in sensitive locations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal