summarize
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages the installation of the 'summarize' command-line utility through the Homebrew package manager using the 'steipete/tap/summarize' formula.
- [COMMAND_EXECUTION]: The skill invokes the 'summarize' binary to process user-supplied inputs, including website URLs, local file paths, and YouTube links.
- [DATA_EXFILTRATION]: The skill relies on sensitive environment variables for API authentication (such as OPENAI_API_KEY and GEMINI_API_KEY) and accesses a local configuration file at '~/.summarize/config.json'. It also possesses the capability to read local files specified by the user for the purpose of summarization.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves processing untrusted data from external sources, which presents a risk of indirect prompt injection.
  - Ingestion points: Web content from URLs, YouTube video transcripts, and local file data (SKILL.md).
  - Boundary markers: No explicit delimiters are specified to separate the fetched data from the agent's internal instructions.
  - Capability inventory: Shell execution of the 'summarize' CLI binary (SKILL.md).
  - Sanitization: The instructions do not describe any sanitization or validation of the external content before it is processed by the language model.
Audit Metadata