jiyao-summary
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
summarize.pyexecutes shell commands usingsubprocess.run(). Specifically, it callspdftotextas a fallback for PDF parsing and uses ageminiCLI tool for summarization. These are legitimate functional dependencies of the skill but involve executing system binaries with parameters derived from file paths or prompt content. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted text from files or standard input and interpolates this content directly into system and user prompts for both OpenAI and Gemini models without sanitization or clear boundary markers. An attacker could embed malicious instructions in a meeting transcript to manipulate the summary output or attempt to exfiltrate data from the model's context.
- Ingestion points:
read_inputfunction insummarize.pyreads from user-specified file paths orstdin. - Boundary markers: No explicit delimiters or 'ignore' instructions are used when interpolating
{content}into the final prompt. - Capability inventory: The skill has the ability to read local files, execute shell commands (
pdftotext,gemini), and write files to the user's desktop or Obsidian directory. - Sanitization: No escaping or validation is performed on the ingested transcript content before it is sent to the LLM.
Audit Metadata