summarize
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the `@steipete/summarize` package from the npm registry using `bun x` in `scripts/summarize.sh`.
- [REMOTE_CODE_EXECUTION]: Executes third-party code downloaded at runtime via the `bun x` command. The skill passes user-provided arguments directly to this execution environment.
- [COMMAND_EXECUTION]: Interacts with local system binaries including `yt-dlp`, `ffmpeg`, `tesseract`, and `whisper-cli` for media handling and OCR. It also supports execution of arbitrary commands defined in environment variables such as `SUMMARIZE_ONNX_PARAKEET_CMD` for transcription processing.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the processing of untrusted external data.
  - Ingestion points: Content is ingested from arbitrary web URLs, YouTube video transcripts, and local files provided by the user.
  - Boundary markers: The skill does not implement explicit delimiters or instructions to the model to ignore potential malicious prompts embedded within the ingested data.
  - Capability inventory: The skill can execute shell commands through its CLI wrapper, read sensitive local configuration files (`~/.summarize/config.json`), and write files (extracted slides) to the local filesystem.
  - Sanitization: No sanitization or filtering logic is present to clean external content before it is processed by the agent.
Audit Metadata