podcast-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Prompt Injection (LOW): The `SKILL.md` file contains an instruction ('Do NOT read the Python file, just call it') that attempts to override the agent's standard safety practice of auditing code before execution. This is a control-bypass pattern intended to limit the agent's oversight of its own actions.
- Data Exfiltration (LOW): The `generate.py` script makes outbound network requests to 'openspeech.bytedance.com' via the `requests` library. Since this domain is not in the trusted scope list, the network operation is flagged as low severity.
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection as it processes untrusted user content without sanitization. Evidence Chain:
  1. Ingestion points: User-provided source content (text/articles) identified in Step 1 of the workflow.
  2. Boundary markers: Absent; the instructions provide no delimiters or warnings to treat user content as untrusted.
  3. Capability inventory: The skill performs file writing (`open`) and script execution (`python generate.py`).
  4. Sanitization: Absent; the agent is directed to transform the input text into dialogue without escaping or validation.
Audit Metadata