gencast
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions frequently generate Bash commands using user-provided input, such as filenames (e.g., `gencast <input-file>`). There is a risk of shell injection if the agent interpolates filenames containing shell metacharacters (e.g., `;`, `&`, `|`) without proper sanitization.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted external data (Markdown and PDF documents) to generate podcast scripts and audio.
  - Ingestion points: Files provided by the user as input to the `gencast` CLI (e.g., `document.md`, `chapter.md`).
  - Boundary markers: None identified; document content is processed directly by the external tool.
  - Capability inventory: Uses the `Bash` tool to run commands and the `Read` tool to access files.
  - Sanitization: There is no evidence of sanitization or content filtering for the documents before they are processed by the tool's LLM components.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing a third-party package (`pip install gencast`) if it is not present. While this is a standard developer workflow, users should verify the package's integrity before installation.
Audit Metadata