summarize
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the 'summarize' tool from a third-party Homebrew tap ('steipete/tap/summarize'). Because the source is not a trusted organization or repository, the integrity of the downloaded binary cannot be verified.
- COMMAND_EXECUTION (LOW): The skill executes the 'summarize' binary using arguments like URLs and file paths provided by the user.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: External URLs and local files. 2. Boundary markers: Absent. 3. Capability inventory: CLI execution with network and file access. 4. Sanitization: Absent. This allows malicious instructions embedded in web pages or documents to potentially influence the agent's behavior.
Audit Metadata