podcast
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill does not exhibit any malicious patterns, obfuscation, or unauthorized data access. It follows security best practices by using environment variables for API keys and local configuration files for user preferences.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (
curl,jq) to perform API requests and poll for completion status. These commands are statically defined in the instructions and interact only with the vendor's authorized API endpoints. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from user-supplied URLs and text.
- Ingestion points: Topic and reference material input in Step 1 of
SKILL.md. - Boundary markers: None; the skill interpolates the raw content into the API request body.
- Capability inventory: Network access via
curltoapi.marswave.ai, file-writing for configuration (.listenhub/podcast/config.json) and audio artifacts. - Sanitization: No local sanitization or escaping is implemented; safety is deferred to the backend API provider.
Audit Metadata