ai-podcast
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted user data—specifically podcast scripts and character images—which are then passed to downstream AI services (text-to-speech, image generation, and video animation).
  - Ingestion points: User-provided URLs in the `phota/train` command and script text in the `inworld/text-to-speech-2` command.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content embedded within the user-provided scripts or image metadata.
  - Capability inventory: The skill utilizes the Bash tool to execute multiple `infsh app run` commands for training, image generation, audio synthesis, video rendering, and media merging.
  - Sanitization: There are no documented steps for sanitizing or validating the input text or image sources before they are processed by the automated pipeline.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to interact with the platform's CLI (`infsh`). While the documented instructions use structured JSON for inputs, the presence of a shell environment combined with user-controlled parameters (like URLs and script text) necessitates careful handling to prevent potential command injection if input is not properly escaped by the underlying platform.
Audit Metadata