summarize
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'summarize' binary from a third-party Homebrew tap ('steipete/tap/summarize') which is not on the trusted vendor list.
- [COMMAND_EXECUTION]: The skill executes the 'summarize' CLI tool with arguments that can include arbitrary local file paths and network URLs, allowing the tool to access sensitive system resources.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: The 'summarize' command processes arbitrary web content from URLs and YouTube transcripts. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition. Capability inventory: The tool can read local files and fetch remote content. Sanitization: There is no evidence of sanitization or filtering of the extracted text before it is passed back to the agent.
- [DATA_EXFILTRATION]: The skill's ability to summarize local files creates a risk where sensitive information, such as configuration files or private keys, could be extracted and summarized if an attacker can influence the file paths provided to the tool.
Audit Metadata