summarize
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the summarize utility via a third-party Homebrew tap (steipete/tap/summarize), introducing a dependency on external code not managed by a recognized trusted provider.
- [COMMAND_EXECUTION]: The skill relies on executing a local binary named summarize to process user inputs, local files, and remote URLs.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingest and processes untrusted data from external websites, transcripts, and files.
- Ingestion points: Untrusted content enters the agent context through the output of the summarize command when processing URLs or local files.
- Boundary markers: There are no explicit instructions or delimiters defined in the skill to warn the agent about potentially malicious instructions embedded in the summarized text.
- Capability inventory: The skill executes a binary and makes network requests to various LLM provider APIs using environment-stored keys.
- Sanitization: No evidence of content sanitization or instruction-filtering is present in the skill definition.
Audit Metadata