ai-podcast-creation
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the infsh command-line utility to interact with the inference.sh platform, executing commands for authentication and for running hosted AI models for audio generation and media merging.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing additional skill packages (e.g., inference-sh/skills@agent-tools) with the npx skills add command, which downloads external code from a remote repository.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface in its 'NotebookLM-Style Content' workflow by interpolating untrusted document text directly into an LLM prompt.
  1. Ingestion points: the <your-document-content> placeholder in the script generation prompt in SKILL.md.
  2. Boundary markers: the prompt template has no delimiters around the document content and no 'ignore instructions' warning that would separate the document from the script-writing instructions.
  3. Capability inventory: the skill can execute shell commands via the infsh tool, so instructions smuggled in through a document reach an agent that holds a command-execution capability.
  4. Sanitization: there is no evidence that the document content is sanitized or validated before it is passed to the LLM.
Audit Metadata