summarize
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of a binary from a third-party Homebrew repository ('steipete/tap/summarize').
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute the 'summarize' command-line interface with user-provided arguments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external sources like websites and YouTube transcripts.
- Ingestion points: Processes external URLs, YouTube video links, and local files (SKILL.md).
- Boundary markers: Absent; the instructions do not define delimiters or specific warnings to ignore instructions embedded in the summarized content.
- Capability inventory: Execution of the 'summarize' CLI tool and subsequent processing of its output.
- Sanitization: Absent; the skill does not mention validation or sanitization of the content fetched from the remote sources.
Audit Metadata