podcastfy-clawdbot
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/podcastfy_generate.py` invokes several system-level commands and external utilities using `subprocess.run`, including `ffmpeg`, `ffprobe`, `pip`, and `edge-tts`.
- [EXTERNAL_DOWNLOADS]: During its setup and execution phase, the skill automatically fetches and installs Python packages (`podcastfy`, `playwright`) from the public PyPI registry and downloads browser binaries via `playwright install`.
- [REMOTE_CODE_EXECUTION]: The script dynamically constructs a Python code block and executes it using the `python -c` flag. This, combined with the runtime installation of external packages, introduces a risk of executing unverified code.
- [PROMPT_INJECTION]: The skill retrieves and processes content from arbitrary user-provided URLs. This architecture is susceptible to indirect prompt injection attacks, where instructions hidden on a webpage could influence the behavior of the AI model.
  1. Ingestion points: URLs provided as arguments to the `podcastfy_generate.py` script.
  2. Boundary markers: None identified in the wrapper script to separate external content from instructions.
  3. Capability inventory: The skill can perform network requests, write files, and execute subprocesses like `ffmpeg`.
  4. Sanitization: No explicit sanitization or filtering of the fetched webpage content was observed in the provided wrapper script.
Audit Metadata