summarize
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [NO_CODE]: The skill consists of documentation and metadata without providing any internal executable scripts or source code.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a third-party binary via Homebrew from the
steipete/tap/summarizerepository. - [COMMAND_EXECUTION]: The skill operates by executing the
summarizeCLI tool with user-provided arguments, which is its intended primary purpose. - [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, documents, and transcripts, creating a surface for indirect prompt injection.
- Ingestion points: Web pages, PDF files, and YouTube video content accessed via the
summarizecommand. - Boundary markers: None are specified; the tool processes the input stream directly as defined in the examples.
- Capability inventory: The skill uses a subprocess call to execute the external
summarizebinary. - Sanitization: No explicit sanitization or instruction filtering is implemented within the skill definition; safety relies on the underlying LLM's robustness and the CLI tool's extraction logic.
Audit Metadata