Skills
skills/evolinkai/multi-summarize-skill-for-openclaw/Summarize/Gen Agent Trust Hub

Summarize

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/summarize.sh script executes several system utilities and third-party binaries to process content, including curl, python3, file, stat, markitdown, yt-dlp, pdftotext, whisper, and ffmpeg.
  • [EXTERNAL_DOWNLOADS]: Extracted text, transcripts, and metadata are sent to the vendor's API at https://api.evolink.ai/v1/messages for summarization. This is documented as the primary function of the skill.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external URLs, YouTube subtitles, and local documents. This creates a surface for indirect prompt injection where malicious instructions embedded in the summarized content could attempt to influence the agent's behavior.
  • Ingestion points: URLs, YouTube links, and local files (PDF, audio, video, text) processed via scripts/summarize.sh.
  • Boundary markers: The script uses a simple --- separator when a custom prompt is provided, but does not include explicit instructions to the model to ignore embedded commands in the source text.
  • Capability inventory: The skill has capabilities to read local files, execute subprocesses, and perform network operations via curl.
  • Sanitization: The script uses python3 to JSON-escape the content before transmission to the API, preventing JSON injection but not natural language instruction injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 04:48 AM