Skills
skills/kesslerio/podcastfy-generator-openclaw-skill/podcastfy-generator/Gen Agent Trust Hub

podcastfy-generator

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation script ('scripts/install.sh') downloads and executes the 'uv' package manager installer from its official domain (astral.sh). Although this uses a shell pipe pattern, the source is a well-known and reputable technology provider.
  • [EXTERNAL_DOWNLOADS]: The skill downloads necessary Python libraries, including 'podcastfy' and 'openai', from standard package registries during its setup phase.
  • [COMMAND_EXECUTION]: The skill uses system calls to execute 'ffmpeg' for audio transcoding and a local binary for offline text-to-speech synthesis. It also executes a Python sub-process to run the podcast generation logic within an isolated virtual environment.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from URLs, YouTube transcripts, and PDF files.
  • Ingestion points: External data is ingested via '--url' and '--pdf' arguments in 'scripts/generate.py'.
  • Boundary markers: No specific delimiters or instructions are used to separate third-party content from the system prompt.
  • Capability inventory: The skill is capable of network access for API integration, file system access for reading documents and writing audio, and executing subprocesses for audio processing.
  • Sanitization: No explicit sanitization or filtering is performed on the content before it is passed to the LLM for dialogue generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 12:20 PM