shownotes-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary function is to ingest and summarize longform untrusted content from external sources such as podcasts, videos, and articles.
- Ingestion points: User-provided podcast transcripts, research papers, and web articles as mentioned in README.md.
- Boundary markers: None identified. There are no instructions to the agent to ignore instructions embedded within the processed content.
- Capability inventory: As a 'Claude Code' skill, the execution environment likely includes file system access and terminal command execution capabilities.
- Sanitization: Absent. The skill provides formatting guidelines but no security filtering for external content.
- [Unverifiable Dependencies] (MEDIUM): The README.md instructs users to clone a repository from https://github.com/WomenDefiningAI/claude-code-skills.git. This repository is not within the defined list of trusted organizations or repositories, posing a risk of supply chain attack if the remote content is modified.
- [Metadata Poisoning] (LOW): The skill mentions version '1.7' and 'Last updated: 2025-Nov-16', which is a future date relative to current training data, though this is likely a typographical error rather than a malicious trigger.
Recommendations
- AI detected serious security threats