RSS Feed Digest

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward RSS digest tool whose network and file access match its stated purpose.

Install only if you are comfortable adding the `feedparser` Python package and letting the skill contact the feed URLs you provide. Use reviewed feed-list files, choose output paths carefully because existing files may be overwritten, and treat generated digest text as untrusted external content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The examples instruct users to write output to files like digest.md and /tmp/daily-ai-digest.md without warning that files may be created or overwritten. This is low-severity because the writes are explicit and user-directed, but unclear documentation can still lead to accidental data loss or unsafe operational use, especially in automation contexts such as cron or heartbeat jobs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal