daily-digest
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several system tools and package managers via subprocess calls.
scripts/setup.pyexecutespip installto manage the skill's Python dependencies.scripts/fetch_podcast.pyusescurlto download audio files from RSS feed URLs.scripts/fetch_youtube.pyutilizesyt-dlpto query video metadata and download subtitles or audio streams.- [EXTERNAL_DOWNLOADS]: The skill fetches content and software components from remote sources.
- Media content (audio and text) is downloaded from user-configured RSS feeds and YouTube channels.
- Python libraries are installed from the Python Package Index (PyPI) during the setup process.
- The
transcribe.pyscript triggers the download of Whisper models for speech-to-text processing. - [DATA_EXFILTRATION]: The skill transmits data to an external service as part of its primary function.
scripts/notify_telegram.pysends generated summaries to the Telegram Bot API using credentials (token and chat ID) provided by the user during configuration.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
- Ingestion points: Untrusted content enters the agent context via RSS feed summaries in
fetch_podcast.pyand YouTube transcripts (subtitles/audio) infetch_youtube.py. - Boundary markers: The instructions in
SKILL.mdthat direct the agent to summarize content do not employ explicit delimiters or 'ignore' instructions to isolate the source text from the agent's core logic. - Capability inventory: The skill environment possesses capabilities for file system writes, network requests, and system command execution (
curl,yt-dlp,pip). - Sanitization:
scripts/fetch_youtube.pyincludes aparse_vttfunction that performs basic sanitization by stripping HTML tags from subtitle data.
Audit Metadata