podcast
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell commands (
mkdir,echo,curl) to manage local configuration files and interact with the vendor's API. These operations are restricted to the.listenhub/podcast/directory as per the skill's constraints. - [EXTERNAL_DOWNLOADS]: The skill downloads generated podcast audio files and transcripts from
api.marswave.aiand associated storage URLs. These are functional requirements of the skill and originate from the vendor's own infrastructure. - [DATA_EXFILTRATION]: The skill transmits user-provided topics, URLs, or text to
https://api.marswave.ai/openapi/v1/podcast/episodesfor processing. This is the primary purpose of the skill and uses a non-whitelisted but vendor-owned domain. - [CREDENTIALS_UNSAFE]: The skill requires the
LISTENHUB_API_KEYenvironment variable for authentication. It follows best practices by reading the key from the environment rather than hardcoding it, and it includes instructions for checking and setting up the configuration securely.
Audit Metadata