Podcast Transcription Pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting untrusted audio data from external podcasts and RSS feeds for the purpose of summarization and show notes generation.
  - Ingestion points: Audio content from podcast episodes and metadata fetched from the Podcast Index API (SKILL.md).
  - Boundary markers: The skill description lacks specific delimiters or ignore instructions for the processed transcript text to prevent the model from obeying instructions contained within the audio.
  - Capability inventory: Extensive capabilities including transcription with Whisper API, semantic similarity for chapter markers, spaCy for entity extraction, and automated summarization for show notes.
  - Sanitization: No sanitization or validation of the transcribed text is described before it is fed into the summarization model.
- [EXTERNAL_DOWNLOADS]: The skill is installed via external package managers including npx and clawhub, which download code from the vendor's repository and associated hubs. This is documented as the standard installation procedure for the agentskillexchange ecosystem.
- [COMMAND_EXECUTION]: Audio processing is performed using external command-line tools FFmpeg and SoX. While these are standard tools for media processing, handling files from external RSS feeds involves potential command injection risks if the file paths or parameters are not properly sanitized.
- [DATA_EXFILTRATION]: Transcripts and metadata are transmitted to external hosting platforms (Transistor.fm and Podbean) via their respective APIs as part of the automated publishing workflow. This behavior is consistent with the primary intended purpose of the skill.
Audit Metadata