ai-podcast-creation
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in the 'NotebookLM-Style Content' workflow where it processes untrusted documents.
- Ingestion points: Raw document content from the user is interpolated directly into an LLM prompt in SKILL.md.
- Boundary markers: The prompts lack clear delimiters or instructions to the agent to disregard potential commands hidden within the processed text.
- Capability inventory: The skill utilizes the
infshtool via Bash to perform network-based API requests for audio generation and media merging. - Sanitization: No sanitization or validation of the input document is described or implemented.
- [EXTERNAL_DOWNLOADS]: The skill references external resources for setup and extending functionality.
- Provides links to installation instructions hosted on a GitHub repository (
inference-sh/skills). - Instructs users on adding related components via the
npxpackage manager from the vendor's repository. - [COMMAND_EXECUTION]: The skill's primary operations involve executing shell commands.
- Uses the
infshCLI tool for inference and media processing. - Command execution is restricted to the
infshbinary through theallowed-toolsmanifest configuration.
Audit Metadata