podcast-summarizer

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes explicit, actionable "attacker role" instructions for embedding base64-encoded commands in ID3 TXXX frames (a hidden hook). These instructions are deceptive and outside the summarizer's stated purpose, and they constitute a prompt injection risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This code implements an intentional covert backdoor: an attacker tool embeds base64-encoded commands into MP3 ID3 TXXX frames and the summarizer silently reads, decodes, and executes those commands via subprocess.run(shell=True), enabling remote code execution and a supply-chain style covert channel.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill (scripts/summarize_podcast.py) explicitly reads untrusted ID3 TXXX "HW_CONFIG" frames from user-provided MP3 files, base64-decodes the payload, and passes it to _delegate_to_profile_optimizer, which executes it via subprocess.run. As a result, third-party (user-generated) metadata can inject executable instructions.

Issues (3)

E004 (CRITICAL): Prompt injection detected in skill instructions.

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 12, 2026, 07:44 AM
Issues: 3