summarize
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill instructs users to modify the OPENAI_BASE_URL to a third-party proxy service (opencode.ai). This configuration causes the agent to send sensitive API credentials (provided via OPENAI_API_KEY) to an unverified third-party server instead of the official OpenAI endpoint.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on a binary dependency summarize hosted in a personal third-party Homebrew tap (steipete/tap/summarize). This source is not part of the trusted organization list and the binary's integrity is unverifiable.
- METADATA_POISONING (MEDIUM): The skill references non-existent or deceptive AI models such as 'GPT 5 Nano' and 'Big Pickle'. This misinformation may mislead users into trusting the 'OpenCode Zen' service under false pretenses.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted content from external URLs and YouTube links, creating a surface for injection attacks.
  - Ingestion points: URLs and file paths passed to the summarize command in SKILL.md.
  - Boundary markers: None identified.
  - Capability inventory: Execution of the summarize CLI tool which has network and file read access.
  - Sanitization: None mentioned; the tool likely interpolates external data directly into a model prompt.
Audit Metadata