ai-podcast-creation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates processing untrusted external content (e.g., 'your-document-content') to generate podcast scripts via LLMs. There are no explicit boundary markers or sanitization steps used when interpolating this external data into the prompts, creating a surface for indirect prompt injection where a document could contain hidden instructions to influence the agent or the generated output.
  • [COMMAND_EXECUTION]: The skill is authorized to execute 'infsh' commands via the Bash tool. These commands are used to interact with the vendor's platform services for audio generation, music creation, and media merging.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages the installation of additional skill packages from the vendor's repository ('inference-sh/skills') using the npx command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 10:00 PM