summarize
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill metadata requires the installation of a binary via a third-party Homebrew tap (
steipete/tap/summarize). This source is not on the trusted repository list, posing a risk of executing unverified external code. - [COMMAND_EXECUTION] (LOW): The skill is designed to execute the
summarizecommand-line utility with user-supplied arguments, including local file paths and URLs. - [PROMPT_INJECTION] (LOW): (Indirect Prompt Injection Surface Detected)
- Ingestion points: Processes external data from URLs, YouTube transcripts, and local files via the
summarizeCLI. - Boundary markers: Absent. The skill does not implement delimiters or instructions to ignore embedded commands in the ingested content.
- Capability inventory: Executes local binaries, reads local filesystem paths, and performs network requests via the tool.
- Sanitization: Absent. Content fetched from external URLs is passed directly to the summarization logic without visible filtering.
- [DATA_EXFILTRATION] (LOW): While the skill accesses sensitive environment variables (API keys for OpenAI, Anthropic, Google, etc.) and local files, there is no evidence of these being sent to unauthorized third parties beyond the intended LLM providers.
Audit Metadata