PodSips Podcast Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PodSips podcast-search integration that sends podcast queries to the PodSips API using a user-provided API key.

Install only if you trust PodSips with your podcast search terms, podcast names, optional RSS URLs, and PODSIPS_API_KEY. Watch credit usage, especially full transcript requests, and confirm before submitting a missing-podcast request if the request contains sensitive or private information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description contains broad trigger language such as general research and summarization requests, which can cause the agent to invoke this skill for queries that are not clearly about podcasts. That increases the chance of unnecessary external API calls and unintended transmission of user prompts to a third-party service.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill repeatedly instructs sending user queries and podcast request data to PodSips, but it does not require any user-facing notice or consent about third-party data sharing. This creates a privacy risk because user-entered search terms, podcast names, and RSS URLs may be transmitted externally without informed user approval.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal