podcast
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
subprocess.runto invokeffmpegandffprobefor audio and video processing inscripts/convert_mp4.pyandscripts/generate_tts.py.- [COMMAND_EXECUTION]: TheSKILL.mdfile instructs the agent to use theafplayutility to play generated audio files locally on macOS.- [CREDENTIALS_UNSAFE]: Thescripts/upload_youtube.pyscript automatically searches for and reads Google OAuth client secrets from standard user directories, including~/Downloads/and~/.config/google/.- [CREDENTIALS_UNSAFE]: The skill's instructions inSKILL.mddescribe passing the OpenAI API key as a command-line argument togenerate_tts.py, which may expose the key in system process logs.- [EXTERNAL_DOWNLOADS]: Fetches audio data from OpenAI's TTS API and uploads video content to Google's YouTube Data API.- [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, social media posts, and repositories, creating a surface for indirect prompt injection during script generation. - Ingestion points: Fetches data from URLs, Twitter/X posts (via
api.fxtwitter.com), PDFs, and GitHub repositories as defined inSKILL.md. - Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands in the ingested source text.
- Capability inventory: The skill can perform network operations, write to the local file system, and execute shell commands via Python scripts.
- Sanitization: The
scripts/generate_tts.pyscript removes markdown formatting and tags from the script but does not validate or sanitize for embedded natural language instructions.
Audit Metadata