Security audit

Podcast Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only podcast production helper that can save local episode and sponsor records, so users should be deliberate about what they log.

Install only if you want an assistant that can keep local podcast production records. Review podcast-data.json periodically, avoid logging sensitive transcripts, sponsor contacts, or ad scripts unless needed, and check generated social posts or emails before publishing or sending.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The changelog documents that episode data is written when the user explicitly says "log this episode," but that trigger phrase is broad and conversational enough to be matched unintentionally in normal podcast workflow. In a skill that now maintains persistent JSON state across episodes, ambiguous write triggers can cause unauthorized or accidental persistence of transcripts, guest names, sponsor details, or other episode metadata the user did not clearly intend to save.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The README explicitly states the skill auto-detects intent from broad conversational context and even activates on casual phrases like 'I need show notes' or 'I have a guest this week.' That trigger scope is overly broad for a skill that can process transcripts, perform web research, and write persistent episode data, increasing the chance of unintended activation, unnecessary data handling, or unintended persistence from ordinary conversation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README says episode history and sponsor tracking are logged to a persistent `podcast-data.json` and that the file is created automatically, but it does not prominently warn users that potentially sensitive business information will be stored across sessions. In a podcast workflow, this may include guest identities, unpublished episode plans, sponsor campaigns, and seasonal metadata, creating privacy and retention risks if users do not realize persistence is happening.

Vague Triggers

High

Confidence: 96% confidence
Finding: The skill description explicitly tells the system to activate on broad podcast-related topics and even casual phrases, which materially increases the chance of unintended invocation. Over-broad triggering can cause the assistant to engage the skill in contexts where the user did not intend data processing, persistence, or mode-specific behavior, creating privacy and safety risks.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: Telling the assistant to infer the mode from context and not ask the user to choose can lead to incorrect workflow selection, especially between prep, post-production, and persistence-related actions. Misclassification may cause the model to process transcripts, generate public-facing content, or prepare storage actions the user did not actually want.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill persistently stores episode history, sponsor details, and potentially full transcripts in a local JSON file, but it does not require clear notice or consent before retaining that data. Because transcripts and sponsor records may contain sensitive business information or personal data, silent retention increases privacy, confidentiality, and data handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.