summarize
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the 'summarize' CLI utility from a third-party Homebrew tap ('steipete/tap/summarize') which is not on the trusted vendor list.
- [COMMAND_EXECUTION]: The skill executes the 'summarize' binary using user-provided parameters such as URLs and local file paths.
- [PROMPT_INJECTION]: The skill processes untrusted data from URLs, YouTube transcripts, and local files which creates an indirect prompt injection surface. Ingestion points: URLs, YouTube links, local files. Boundary markers: None. Capability inventory: execution of the 'summarize' binary. Sanitization: None mentioned.
- [CREDENTIALS_UNSAFE]: The skill uses environment variables (e.g., 'OPENAI_API_KEY', 'GEMINI_API_KEY') and a configuration file ('~/.summarize/config.json') for API key management.
Audit Metadata