summarize
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata defines an installation step using Homebrew to fetch a binary from a third-party tap (steipete/tap/summarize) which is not among the verified trusted organizations.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the 'summarize' binary with user-supplied arguments such as URLs and local file paths, which could lead to command injection if arguments are not properly handled by the underlying system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from untrusted external sources like web URLs and YouTube transcripts. 1. Ingestion points: SKILL.md (via URL and file path parameters passed to the tool). 2. Boundary markers: No explicit instructions provided to the agent to ignore or delimit instructions found within the summarized content. 3. Capability inventory: SKILL.md (binary execution of the 'summarize' tool). 4. Sanitization: The skill does not describe any sanitization or validation of the ingested external content.
Audit Metadata