podwise

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's installation reference (references/installation.md) instructs the user to execute a remote shell script via a pipe (curl -sL https://raw.githubusercontent.com/hardhackerlabs/podwise-cli/main/install.sh | sh). This pattern executes unverified code from the internet directly on the user's system.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading binary releases and source code from external GitHub repositories (hardhackerlabs/podwise-cli) and Homebrew taps during the setup process.
  • [COMMAND_EXECUTION]: The workflows extensively use the podwise CLI tool to fetch data, process media files, and manage configuration. The agent executes these shell commands based on user input and logic defined in the skill's markdown files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted external content from podcast transcripts and summaries.
    ◦ Ingestion points: workflows/episode-debate.md, workflows/language-learning.md, workflows/topic-research.md, and workflows/weekly-recap.md use the podwise get transcript and podwise get summary commands to read content provided by external sources.
    ◦ Boundary markers: Absent. There are no explicit instructions or delimiters used to separate the transcript data from the agent's instructions or to warn the agent against following instructions embedded in the podcast content.
    ◦ Capability inventory: The agent has the ability to execute shell commands via the podwise CLI and write files to the local directory across multiple workflow scripts.
    ◦ Sanitization: Absent. The external content is synthesized and analyzed by the LLM without prior filtering or sanitization of potential injection patterns.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 05:37 AM