Geek-skills-podcast-generator
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Volcano Engine (ByteDance) API endpoint at
wss://openspeech.bytedance.com/api/v3/sami/podcastttsto process audio generation requests and stream binary data. - [COMMAND_EXECUTION]: The provided Python script
scripts/generate_podcast.pymanages local file operations, including directory creation and writing generated audio data to user-specified paths on the local filesystem. - [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it processes user-provided content which is sent to an external AI model.
- Ingestion points:
input_textparameter inscripts/generate_podcast.pyused to populate the API request payload. - Boundary markers: Absent; user input is directly included in the JSON request.
- Capability inventory: Network communication via WebSockets and local file system write access for output storage.
- Sanitization: No sanitization or validation of the input text is performed before transmission to the external model.
- [SAFE]: The skill implements standard WebSocket communication and binary protocol handling consistent with its stated purpose of interfacing with the Volcano Engine Podcast AI service. The hardcoded header value used for the app key is a public protocol constant required by the service.
Audit Metadata