ai-podcast

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to invoke specialized AI applications (e.g., phota/train, inworld/text-to-speech-2, pruna/p-video-avatar) through the infsh command-line interface. These commands are integral to the media generation pipeline described.
  • [EXTERNAL_DOWNLOADS]: The pipeline involves processing external media assets, such as images and audio clips, referenced via URLs during the generation and merging phases.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common in media generation workflows, as it takes user-defined scripts and character descriptions and passes them to external AI models.
      • Ingestion points: User-provided script text and character prompts used in Step 1, Step 4, and Step 5.
      • Boundary markers: Absent; the instructions do not specify delimiters to isolate user content from system instructions.
      • Capability inventory: The skill uses Bash to run apps, Write to save files like profile.json, and Agent for task orchestration.
      • Sanitization: No specific sanitization or validation logic is defined for the user-supplied prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 08:07 AM