podcast-pipeline
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md file contains a preamble section that attempts to execute local scripts (telemetry/version_check.py and telemetry/telemetry_init.py). These files are missing from the skill distribution, which prevents verification of their behavior and poses a risk of executing unreviewed code during skill initialization.
- [PROMPT_INJECTION]: The skill processes untrusted external data from RSS feeds and transcript files. This data is interpolated directly into LLM prompts without boundary markers or instructions to ignore embedded commands, creating a surface for indirect prompt injection.
  - Ingestion points: podcast_pipeline.py (ingests content from RSS URLs and transcript files).
  - Boundary markers: Absent; the transcript text is passed directly into prompts for extraction and generation.
  - Capability inventory: The skill performs network requests (via requests and SDKs) and file system writes (to the ./output directory).
  - Sanitization: No filtering or sanitization of the input text is performed.
- [EXTERNAL_DOWNLOADS]: The podcast_pipeline.py script automatically downloads audio files from remote URLs extracted from RSS feeds. While this is a core functionality, it involves downloading and processing files from arbitrary, potentially untrusted sources.
Audit Metadata