summarize
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a binary via a third-party Homebrew tap (steipete/tap/summarize) which is not a verified or trusted vendor.
- [COMMAND_EXECUTION]: The skill executes the
summarizeCLI tool using user-supplied URLs and local file paths as arguments, which can interact with the local file system and make network requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: Processes content from arbitrary URLs, YouTube transcripts, and local files (e.g., PDF).
- Boundary markers: There are no instructions to wrap the summarized output in delimiters or to ignore embedded instructions within the processed text.
- Capability inventory: The agent can execute shell commands (
summarize) and access the network and file system. - Sanitization: No evidence of sanitization or filtering of the extracted content before it is returned to the agent's context.
- [CREDENTIALS_UNSAFE]: The skill explicitly mentions and requires the use of multiple sensitive API keys (OpenAI, Anthropic, XAI, Google, Firecrawl, and Apify) via environment variables and configuration files (~/.summarize/config.json).
Audit Metadata