summarize
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the @steipete/summarize package via npm, npx, or Homebrew. These resources are hosted by a third-party developer and are not part of the trusted vendors list or the skill author's verified infrastructure.
- [COMMAND_EXECUTION]: The skill's primary function is to execute the summarize CLI tool with user-provided arguments, including local file paths and media URLs, which increases the attack surface for local system interactions.
- [CREDENTIALS_UNSAFE]: The documentation encourages users to store various service API keys (OpenAI, Anthropic, Gemini, etc.) in a configuration file at ~/.summarize/config.json and mentions their use via environment variables. Accessing and managing sensitive credentials in local configuration files poses a risk of exposure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: Processes external content from URLs, local files, and media streams as described in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions are provided in the command patterns.
  - Capability inventory: Executes the summarize CLI tool which performs network requests and content extraction.
  - Sanitization: No evidence of content filtering or validation of the fetched content before it is passed to the LLM.
Audit Metadata