talk-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate orchestrator for content preparation. It identifies clear inputs, stages, and outputs consistent with its stated purpose. Analysis of the instructions reveals no attempts at prompt injection, obfuscation, or persistence.
- [DATA_EXPOSURE]: The skill requests access to local source materials (source_path) and git repositories (repo_path). This data access is essential for the primary functionality of summarizing content and performing 'git archaeology' for technical talks. No exfiltration patterns or unauthorized data access were found.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from local files and git history, which represents a potential attack surface for indirect prompt injection. However, this processing is the intended purpose of the tool, and the workflow includes a checkpoint requiring human confirmation before final script generation.
  - Ingestion points: source_path, repo_path (SKILL.md)
  - Boundary markers: Absent
  - Capability inventory: Read and Write tools used to process materials and save outputs (SKILL.md)
  - Sanitization: Not explicitly specified in the orchestration logic.
- [COMMAND_EXECUTION]: The skill uses user-provided variables (slug, date) to construct file paths for writing outputs. This pattern is standard for the skill's directory management and does not include execution of arbitrary shell commands.
Audit Metadata