summarize
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of a third-party binary via a personal Homebrew tap (
steipete/tap/summarize). This involves downloading and installing executable code from a source outside of the pre-defined trusted organizations list. - [COMMAND_EXECUTION]: The skill is designed to execute the
summarizecommand-line utility. It passes user-provided strings (URLs and file paths) directly as arguments to this subprocess. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from the internet and local files.
- Ingestion points: The skill reads and processes content from arbitrary URLs, YouTube transcripts, and local file paths (e.g., PDF files) provided by the user or extracted by the tool.
- Boundary markers: There are no boundary markers or delimiters defined in the instructions to help the agent distinguish between its own instructions and the content being summarized.
- Capability inventory: The skill utilizes subprocess execution of the
summarizebinary, which has capabilities for network access and local file system reads. - Sanitization: No sanitization, filtering, or validation steps are mentioned for the text extracted from external sources before it is analyzed by the LLM.
Audit Metadata