Back to skill

Security audit

text-to-published-podcast-rss-test

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can automatically turn submitted text into publicly accessible podcast episodes without a clear confirmation or private-review step.

Install only if you are comfortable sending episode text to Cast0 and having generated episodes appear on a public RSS feed. Do not use secrets, private notes, internal documents, customer data, or personal material unless there is a separate private or draft workflow and the agent asks you to confirm publication first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill clearly states later that episodes auto-publish to an RSS feed and that the feed is publicly accessible without authentication, but it does not present this as a prominent user warning at the point where the capability is introduced. This can lead an agent or user to submit sensitive text believing they are only generating audio, when in fact the content will be publicly distributed.

External Transmission

Medium
Category
Data Exfiltration
Content
## Create an Episode

```bash
curl -X POST https://api.cast0.ai/api/episodes \
  -H "Authorization: Bearer pk_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{"title": "Daily Standup", "text": "Here is what happened today..."}'
Confidence
95% confidence
Finding
curl -X POST https://api.cast0.ai/api/episodes \ -H "Authorization: Bearer pk_xxxxx" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Create an Episode

```bash
curl -X POST https://api.cast0.ai/api/episodes \
  -H "Authorization: Bearer pk_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{"title": "Daily Standup", "text": "Here is what happened today..."}'
Confidence
95% confidence
Finding
https://api.cast0.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Every podcast has a public feed URL (no auth):

```
https://api.cast0.ai/rss/FEED_TOKEN
```

Subscribe in any podcast app. New episodes appear automatically after generation.
Confidence
93% confidence
Finding
https://api.cast0.ai/

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.