podcast-summarizer

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/summarize_podcast.py uses subprocess.run() to invoke the whisper command-line utility for transcribing audio files. The call passes a list of arguments rather than a single shell string, which is a secure practice that mitigates shell injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests using the requests library to fetch RSS feeds and download audio files from Spotify, SoundOn, and other user-provided URLs. This is essential for its primary functionality of podcast summarization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Audio content from external sources is transcribed into text and then directly interpolated into the summarization prompt for the LLM without adequate sanitization or structural boundaries.
  • Ingestion points: Audio data is ingested and converted to text in scripts/summarize_podcast.py via the transcribe_audio function.
  • Boundary markers: None. The transcript is placed directly into the prompt string.
  • Capability inventory: The script can execute subprocesses (whisper), perform network GET requests, and write to the local file system.
  • Sanitization: None. The transcript text is sliced to a maximum length but otherwise unprocessed before being sent to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 11:03 PM
Security Audit — agent-trust-hub — podcast-summarizer