Podcast Analytics Expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection due to its core functionality of processing external data combined with powerful tool access.
  • Evidence Chain:
      • Ingestion points: The skill fetches data from api.transistor.fm, op3.dev, and api.appstoreconnect.apple.com as seen in SKILL.md.
      • Boundary markers: No markers or 'ignore' instructions are used when handling API responses.
      • Capability inventory: The skill metadata explicitly allows Bash, Edit, and WebFetch tools.
      • Sanitization: No sanitization or schema validation is performed on the incoming data before potential processing.
  • External Downloads (LOW): The skill performs network requests using curl and Python requests to non-whitelisted domains (transistor.fm, op3.dev, appstoreconnect.apple.com). While these are aligned with the stated purpose, they represent external data ingestion.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:35 PM