ai-podcast-creation
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted data into large language model (LLM) prompts.
- Ingestion points: External document content provided by the user is interpolated into the script generation prompt in the 'NotebookLM-Style Content' section of SKILL.md.
- Boundary markers: The prompt lacks clear boundary markers or delimiters (e.g., XML tags or triple backticks) to separate user content from the core instructions, increasing the risk that the model follows instructions contained within the document.
- Capability inventory: The skill uses the Bash tool to execute the 'belt' CLI, which provides access to various AI models and media processing services; these subprocess calls occur across all generated scripts.
- Sanitization: There is no evidence of input validation, filtering, or escaping of the user-provided content before it is processed by the model.
Audit Metadata