ai-podcast-creation
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references installation scripts and additional skill modules hosted on the vendor's official GitHub repository (inference-sh). These are standard platform components used for setup and extending functionality.
- [COMMAND_EXECUTION]: All audio generation and processing tasks are performed via the 'belt' CLI tool, which is explicitly allowed in the skill's frontmatter. These commands handle authentication, model invocation, and media merging.
- [PROMPT_INJECTION]: The 'NotebookLM-Style Content' workflow introduces a surface for indirect prompt injection by ingesting untrusted document content and interpolating it into a script-generation prompt for an LLM.
  - Ingestion points: The prompt field in the 'openrouter/claude-sonnet-45' application ingestion logic (SKILL.md).
  - Boundary markers: The document content is included without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has access to the 'belt' tool for executing remote applications and managing audio files.
  - Sanitization: No sanitization or input validation is performed on the ingested document text.
Audit Metadata