xiaoyuzhou-to-article

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted audio content and transcripts fetched from external Xiaoyuzhou podcast pages. This content is subsequently interpreted by the agent to generate articles, creating a surface for indirect prompt injection if the source material contains adversarial instructions.
  • Ingestion points: Podcast audio streams and page metadata via scripts/transcribe.sh.
  • Boundary markers: No specific delimiters or safety instructions are used when passing the raw transcript to the LLM for article generation.
  • Capability inventory: Subprocess execution (ffmpeg, curl, python3) and network access to Groq API.
  • Sanitization: Transcription cleaning is present but intended for removing Whisper hallucinations rather than sanitizing malicious input.- [EXTERNAL_DOWNLOADS]: The documentation suggests osxexperts.net as an alternative source for downloading static ffmpeg binaries. While this is presented as a fallback for users without administrative or package manager access, it introduces a third-party dependency recommendation outside of official vendor channels.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 01:54 AM
Security Audit — agent-trust-hub — xiaoyuzhou-to-article