pocketcast
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and displays podcast metadata and show notes (described as HTML content) from the Pocket Casts API. This content is untrusted and could contain malicious instructions designed to manipulate the agent's behavior. * Ingestion points: The
shownotes,podcast,episode, andsearchcommands defined inSKILL.mdretrieve external data. * Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or treat the retrieved content as data only. * Capability inventory: The skill usesnpx tsxto execute shell commands, which increases the potential impact of an injection. * Sanitization: The instructions do not specify any sanitization or filtering of the HTML show notes before they are presented to the agent. - [COMMAND_EXECUTION]: Local Script Execution. The skill is designed to run a local TypeScript script located at
${CLAUDE_PLUGIN_ROOT}/scripts/pocketcast.tsusing thenpx tsxcommand runner.
Audit Metadata