podcast-generation
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is susceptible to indirect prompt injection because it processes untrusted data from bookmarks and tags to generate audio narratives.
  - Ingestion points: In `references/code-examples.md`, the `generate_audio_narrative` function retrieves bookmark titles and summaries from a database and concatenates them into the prompt.
  - Boundary markers: There are no delimiters or markers (e.g., XML tags or triple quotes) used to isolate the bookmark content from the narrator's behavioral instructions.
  - Capability inventory: The skill produces external-facing audio and text transcripts, providing a delivery mechanism for injected content.
  - Sanitization: The code lacks logic to escape or validate the interpolated bookmark strings before they are sent to the LLM.
Audit Metadata