summarize

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installation requires a third-party Homebrew tap (steipete/tap/summarize). This source is not affiliated with any trusted organizations and allows for the execution of arbitrary binaries on the host system upon installation.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on the execution of the summarize command-line utility. This utility is used to process arbitrary external inputs (URLs, file paths, and YouTube links) provided by the user.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill retrieves and processes text from external URLs, YouTube transcripts, and local files (e.g., PDFs).
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the LLM to ignore instructions that might be embedded within the summarized content.
      • Capability inventory: The skill executes a local binary and reads its output. While it doesn't explicitly perform network sends in the script itself, the binary it invokes is designed to communicate with external URLs and API providers.
      • Sanitization: Absent. There is no evidence of filtering or sanitizing the content extracted from the web before it is passed back to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 05:24 PM