podcast-producer-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill orchestrates media processing by executing local Python scripts within the predefined plugin directory. These operations are transparent and aligned with the skill's stated purpose.
- CREDENTIALS_UNSAFE (SAFE): The skill requires a GOOGLE_API_KEY for external services but correctly instructs the user to set it as a prerequisite rather than hardcoding it or attempting exfiltration.
- EXTERNAL_DOWNLOADS (SAFE): Recommended software includes standard tools like FFmpeg and the google-genai library, with no evidence of untrusted remote script execution.
- PROMPT_INJECTION (SAFE): The skill's instructions are purely functional and do not contain patterns aimed at bypassing agent constraints or revealing system prompts.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill handles user-provided text for scripts and prompts. It follows a safe pattern of wrapping these inputs in quotes for command-line arguments, minimizing the risk of accidental command injection.