
ai-podcast

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted user data—specifically podcast scripts and character images—which are then passed to downstream AI services (text-to-speech, image generation, and video animation).
  • Ingestion points: User-provided URLs in the phota/train command and script text in the inworld/text-to-speech-2 command.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content embedded within the user-provided scripts or image metadata.
  • Capability inventory: The skill utilizes the Bash tool to execute multiple infsh app run commands for training, image generation, audio synthesis, video rendering, and media merging.
  • Sanitization: There are no documented steps for sanitizing or validating the input text or image sources before they are processed by the automated pipeline.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to interact with the platform's CLI (infsh). While the documented instructions use structured JSON for inputs, the presence of a shell environment combined with user-controlled parameters (like URLs and script text) necessitates careful handling to prevent potential command injection if input is not properly escaped by the underlying platform.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:47 AM
Security Audit — agent-trust-hub — ai-podcast