Podcast Manager

This skill appears to do what it says: fetch public RSS/Atom feeds, summarize episodes, and store minimal local tracking files. Things to consider before installing or enabling it for autonomous use: - Review the bundled scripts (scripts/feed_probe.py) and, if possible, run them in a sandbox before giving the agent network access. The script includes several good protections (size limit, blocking DOCTYPE/ENTITY, DNS-based private-IP checks), but it performs DNS resolution once before the HTTP request and does not re-validate the final IP after redirects. A malicious or misconfigured feed server could issue a redirect to a private/internal address, potentially enabling SSRF. Ask the maintainer to either block redirects or validate the final resolved IP after redirects. - The skill will fetch arbitrary HTTP/HTTPS URLs and create files under memory/podcasts. If you run agents in an environment with sensitive internal services, consider restricting outbound network access or running the agent in a network-isolated environment. - Because the skill writes local files, back up any important data you keep under the memory directory and ensure file permissions are appropriate. - If you need stronger guarantees, request or implement an additional check that validates the final request target (post-redirect) and/or enforces no-redirect behavior when probing feeds. Overall the package is coherent and minimal, but review the redirect/SSRF edge case and run the bundled probe in a controlled environment if you have sensitive internal resources.