pocketcast

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and displays podcast metadata and show notes (described as HTML content) from the Pocket Casts API. This content is untrusted and could contain malicious instructions designed to manipulate the agent's behavior. * Ingestion points: The shownotes, podcast, episode, and search commands defined in SKILL.md retrieve external data. * Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or treat the retrieved content as data only. * Capability inventory: The skill uses npx tsx to execute shell commands, which increases the potential impact of an injection. * Sanitization: The instructions do not specify any sanitization or filtering of the HTML show notes before they are presented to the agent.
  • [COMMAND_EXECUTION]: Local Script Execution. The skill is designed to run a local TypeScript script located at ${CLAUDE_PLUGIN_ROOT}/scripts/pocketcast.ts using the npx tsx command runner.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 07:11 AM
Security Audit — agent-trust-hub — pocketcast