summarize
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- External Downloads (HIGH): The skill requires the installation of the 'summarize' binary via a third-party Homebrew tap ('steipete/tap/summarize'). This source is not verified or part of the trusted organization list, posing a risk of running unvetted executable code on the host system.
- Indirect Prompt Injection (HIGH): This skill is highly susceptible to indirect prompt injection.
  - Ingestion points: Processes arbitrary content from external URLs, YouTube transcripts, and local files (PDFs).
  - Boundary markers: None. There are no instructions for the agent to use delimiters or to ignore instructions embedded within the summarized text.
  - Capability inventory: The 'summarize' tool has file system read access and network access to various AI providers.
  - Sanitization: No sanitization is performed on the ingested content before it is processed by the model. A malicious website or PDF could contain instructions that override the agent's behavior.
- Command Execution (MEDIUM): The skill executes the 'summarize' CLI tool using user-provided paths and URLs. If the binary does not properly sanitize these inputs, it could lead to command injection or unexpected file access.
- Data Exposure (MEDIUM): The skill facilitates the use of several high-value API keys (OpenAI, Anthropic, Gemini, etc.) in the environment. An untrusted binary with network access could exfiltrate these keys or sensitive local files provided to it for summarization.
Recommendations
- AI detected serious security threats
Audit Metadata