podwise
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to fetch the Podwise CLI and its installation script from the vendor's GitHub repository at github.com/hardhackerlabs/podwise-cli.
- [REMOTE_CODE_EXECUTION]: The `references/installation.md` file contains an installation method that uses `curl` to pipe a remote script from `raw.githubusercontent.com` directly into the shell (`sh`). This pattern executes remote code on the local system.
- [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with the `podwise` CLI for searching, processing media, and retrieving AI artifacts. It also performs file system operations such as reading and writing markdown files for notes, research reports, and user preferences.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Untrusted data enters the context through `podwise get transcript`, `get summary`, and `get highlights` from external podcast episodes and YouTube/Xiaoyuzhou URLs.
  - Boundary markers: The instructions do not define strict boundary markers or 'ignore' instructions when processing transcript data.
  - Capability inventory: The skill has the ability to execute shell commands (`podwise`) and write files to the local directory.
  - Sanitization: There is no evidence of content sanitization or escaping before external data is interpolated into synthesized outputs like the 'Episode Debate' or 'Topic Research' reports.
Audit Metadata