podcast-production
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell commands to execute local scripts (e.g., notion_import.py, notion_markdown.py, generate_image.py). This includes a specific hardcoded absolute path to a user's desktop: /Users/charliedeist/Desktop/New Root Docs/.claude/scripts/. Such patterns are brittle and pose security risks in shared execution environments.
- [CREDENTIALS_UNSAFE]: A specific Notion Database ID (d60323d3-8162-4cd0-9e1c-1fea5aad3801) is hardcoded in the skill's instructions. The skill also explicitly describes loading .env files, which typically contain sensitive API keys and secrets.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external transcript data through LLM sub-agents to generate marketing content.
- Ingestion points: SOURCE.md (transcript data imported via Notion API).
- Boundary markers: Absent; prompt templates for sub-agents lack delimiters or instructions to ignore embedded commands within the transcript.
- Capability inventory: Subprocess execution (Python scripts), file system access (read/write), and network operations via external APIs.
- Sanitization: None; the skill uses verbatim transcript segments, which could contain malicious instructions designed to influence the agent's output or actions.
Audit Metadata