podcast-generator

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were detected within the skill's instructions or Python code.\n- [EXTERNAL_DOWNLOADS]: The skill requires the websockets Python package to facilitate communication with the remote AI service. This is a standard and expected dependency for the stated functionality.\n- [DATA_EXFILTRATION]: The script transmits authentication credentials (APP_ID and ACCESS_KEY) to openspeech.bytedance.com via WebSocket headers. ByteDance is a well-known service provider, and this domain is the official endpoint for the Volcano Engine Podcast API, making the data transmission legitimate for the skill's operation.\n- [CREDENTIALS_UNSAFE]: A hardcoded value aGjiRDfUWi is assigned to the X-Api-App-Key header. However, the documentation provided in the skill confirms this is a fixed, public constant required for the API protocol and not a sensitive, user-specific secret.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:12 AM
Security Audit — agent-trust-hub — podcast-generator