podcast-producer
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell command execution using
ffmpegfor audio manipulation (filtering, mixing, concatenation, mastering),curlfor API interactions, and system utilities likejqandbase64. It uses a temporary working directory (/tmp/podcast-XXXXXX) for intermediate files. - [EXTERNAL_DOWNLOADS]: Fetches royalty-free audio assets (music, sound effects, ambience) from well-known services including Pixabay, Freesound, and Mixkit. These downloads are required for the skill's stated purpose of high-quality production.
- [DATA_EXFILTRATION]: Transmits user-provided script text to an external relay TTS API (
$API_URL/api/data/tts/synthesize) to generate voice audio. This operation uses platform-provided Bearer tokens for authentication. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted script content that includes structural directives (e.g.,
[INTRO],[HOST]). The instructions include a specific safety guideline to use alphanumeric filenames only to mitigate potential command injection risks when processing these user-supplied markers in shell commands.
Audit Metadata