podcast-generator

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill extracts text from user-provided Markdown and PDF files and uses this content to craft a podcast dialog, creating a surface for adversarial content to influence the agent's behavior.
      • Ingestion points: The scripts/extract_sources.py script reads any .md or .pdf file within a user-specified or default sources/ directory.
      • Boundary markers: There are no explicit boundary markers, and no instructions telling the model to ignore instructions embedded in the source content during the dialog crafting phase.
      • Capability inventory: The skill uses the Bash, Read, and Write tools. Malicious source content could attempt to hijack the dialog generation process to influence the parameters passed to the generate_audio.py script or other shell commands.
      • Sanitization: The skill does not sanitize, filter, or validate the text extracted from source documents before incorporating it into the prompt for Step 2.
  • External Downloads (SAFE): The skill installs google-genai and pypdf via scripts/install_deps.py. These are legitimate, well-known packages necessary for the skill's stated purpose.
  • Command Execution (SAFE): The use of subprocess in the installation script and of the Bash tool for running generation tasks is standard for this type of skill and limited to intended operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 08:22 AM