podcast-generation
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected in the skill's instructions or Python implementation code.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to `openspeech.bytedance.com` for text-to-speech synthesis. This endpoint is a legitimate service owned by the skill's author (ByteDance) and is necessary for the skill's primary function.
- [COMMAND_EXECUTION]: The skill executes an internal Python script (`generate.py`) to process audio and generate transcripts. The execution is scoped to the skill's directory and follows the described workflow.
- [CREDENTIALS_UNSAFE]: Sensitive authentication tokens (`VOLCENGINE_TTS_ACCESS_TOKEN`) are managed via environment variables, which is the standard and recommended practice for secret management in this environment.
- [PROMPT_INJECTION]: The skill converts user-provided text into podcast scripts, presenting a standard surface for indirect prompt injection. This is a functional requirement for the skill's primary purpose.
  - Ingestion points: User-provided text content converted to script JSON in `SKILL.md`.
  - Boundary markers: Data is structured into a specific JSON schema before processing.
  - Capability inventory: The `generate.py` script performs network requests (TTS API) and file writes (MP3 and Markdown outputs).
  - Sanitization: No explicit sanitization of input text is mentioned, relying on the agent's internal safety guardrails during script generation.
Audit Metadata