Podcast Generate
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external content from files and web searches.
  - Ingestion points: Content is ingested via the `--input` file path and the `web_search` function call in `generate.ts`.
  - Boundary markers: The script uses simple text labels like `【资料】` but lacks explicit instructions to the AI to ignore directives embedded within the provided data.
  - Capability inventory: The agent has file system access for reading and writing, and network access through the `z-ai-web-dev-sdk`.
  - Sanitization: Input material is not sanitized or filtered before being interpolated into the user prompt.
- [EXTERNAL_DOWNLOADS]: The skill depends on the `z-ai-web-dev-sdk` for its core features, including LLM interaction, TTS synthesis, and web searching. This is a vendor-provided dependency required for the skill's primary purpose.
Audit Metadata