summarize
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
summarizeCLI tool through a third-party Homebrew repository (steipete/tap/summarize). - [COMMAND_EXECUTION]: The skill operates by invoking the
summarizebinary, which involves executing subprocesses to perform its tasks. - [PROMPT_INJECTION]: This skill presents a surface for indirect prompt injection as it is designed to process and summarize untrusted data from the web and local files.
- Ingestion points: The skill accepts data from external URLs, YouTube transcripts, and various local file formats (PDF, image, audio) as specified in
SKILL.md. - Boundary markers: No specific delimiters or safety instructions are provided to ensure the agent ignores instructions embedded within the content being summarized.
- Capability inventory: The tool performs network requests to fetch web content and accesses the local file system to read documents.
- Sanitization: The skill description lacks any definition for sanitizing or validating the input data before it is processed by the AI.
Audit Metadata