summarize
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a binary from a third-party Homebrew tap (
steipete/tap/summarize). This creates a dependency on an unverified external source during the skill setup process.- [COMMAND_EXECUTION]: The skill operates by executing thesummarizecommand-line tool. It passes user-provided URLs and file paths directly as arguments to this external binary.- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external URLs, YouTube transcripts, and local files. This creates an indirect prompt injection surface where malicious instructions embedded in the summarized content could attempt to influence the agent's logic. - Ingestion points: External URLs, YouTube video links, and local file paths.
- Boundary markers: None identified in the provided instructions to differentiate between user instructions and ingested content.
- Capability inventory: The skill uses a CLI tool to interface with various LLM providers (OpenAI, Anthropic, xAI, Google) to generate summaries.
- Sanitization: No explicit sanitization or filtering of the extracted text is mentioned before it is processed by the model.
Audit Metadata