podcast-generator
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were detected within the skill's instructions or Python code.\n- [EXTERNAL_DOWNLOADS]: The skill requires the
websocketsPython package to facilitate communication with the remote AI service. This is a standard and expected dependency for the stated functionality.\n- [DATA_EXFILTRATION]: The script transmits authentication credentials (APP_ID and ACCESS_KEY) toopenspeech.bytedance.comvia WebSocket headers. ByteDance is a well-known service provider, and this domain is the official endpoint for the Volcano Engine Podcast API, making the data transmission legitimate for the skill's operation.\n- [CREDENTIALS_UNSAFE]: A hardcoded valueaGjiRDfUWiis assigned to theX-Api-App-Keyheader. However, the documentation provided in the skill confirms this is a fixed, public constant required for the API protocol and not a sensitive, user-specific secret.
Audit Metadata