summarize
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'summarize' binary via a third-party Homebrew tap ('steipete/tap/summarize'), which is not part of the trusted vendor list.
- [COMMAND_EXECUTION]: The skill executes the 'summarize' CLI tool, allowing the agent to read local files and access remote content via URLs.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) by processing untrusted data from the web and files.
- Ingestion points: The skill retrieves data from arbitrary URLs, YouTube transcripts, and local file paths provided by the user or found in conversation.
- Boundary markers: Absent; the instructions do not provide delimiters or 'ignore' instructions for the content being summarized.
- Capability inventory: The skill uses a binary that can perform network requests and access the local file system.
- Sanitization: No sanitization or validation of the input content is implemented to prevent embedded instructions from influencing the agent's behavior.
Audit Metadata