summarize
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'summarize' binary via a third-party Homebrew tap ('steipete/tap/summarize').
- [COMMAND_EXECUTION]: The skill executes the 'summarize' command-line tool with user-specified arguments to process external data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
- Ingestion points: Data is ingested from external URLs, YouTube transcripts, and local files as specified in the skill instructions.
- Boundary markers: No delimiters or instructions are used to signal the agent to ignore commands potentially embedded in the ingested data.
- Capability inventory: The skill possesses the capability to execute shell commands and interact with various LLM APIs using environment-stored keys.
- Sanitization: No evidence of content sanitization or validation is present for data retrieved from external sources.
Audit Metadata