Back to skill

Security audit

Podcast Production Pipeline

Security checks across malware telemetry and agentic risk

Overview

The skill’s podcast automation purpose is coherent, but it ships exposed credentials and automatically sends workflow metadata through an authenticated Discord gateway path that is not clearly disclosed.

Review before installing. Do not use the bundled API keys or hardcoded gateway token; assume they are exposed and replace them with your own securely managed credentials only if needed. Use non-sensitive episode topics and guest names unless you are comfortable sending them to Tavily and posting completion metadata to the configured Discord channel. Treat generated show notes, descriptions, and social posts as drafts requiring human review before publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
This configuration file contains plaintext API keys for Tavily, Gemini, and ElevenLabs. Embedded credentials can be exfiltrated by anyone with repository or artifact access and then abused to consume paid services, access external APIs under the owner's identity, and potentially process sensitive podcast or research data through third-party systems.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script performs an additional outbound action by posting status information to Discord after generating the outline. While not inherently malicious, this expands the skill's behavior beyond local pre-production and creates an unsolicited data egress path for episode metadata, which may leak sensitive topics, guest identities, or workflow details.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The embedded messaging capability allows the script to send messages to a configured Discord channel, which is broader than simple research and outline generation. In this skill context, that extra communication channel increases the attack surface and can expose operational metadata or be repurposed for unintended outbound communication.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code falls back to a hardcoded bearer token when the environment variable is absent, effectively embedding a credential in source code. This is dangerous because anyone with access to the script can reuse the token to access the local gateway messaging API, enabling unauthorized message sending and possible abuse of connected tooling.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes automatic generation of show notes, SEO descriptions, social posts, and platform-ready publishing assets without any explicit requirement for human review. In a podcast workflow, these outputs can easily contain factual errors, defamatory claims, private information from transcripts, or sensitive guest details, creating a real risk of accidental public disclosure or reputational harm if users treat the output as ready to publish.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly automates guest research, topic research, and generation of publishing assets, but the documentation does not warn users that personal data, opinions, controversies, transcripts, and platform-ready content may be collected, processed, and redistributed. In a podcast workflow, this can lead to privacy violations, reputational harm, or accidental publication of sensitive or defamatory material, especially when third-party tools or models are involved.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The configuration advertises use of external API keys and cloud services for research/content generation, but does not disclose that episode materials, guest details, or transcripts may be sent to third parties. This creates a real data-governance risk because users may unknowingly upload personal, confidential, or unpublished content to external providers without consent, retention awareness, or jurisdictional review.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-supplied topic and guest-related queries to Tavily without any warning, consent flow, or data handling notice. In podcast production, topics and guest names may be embargoed or confidential, so silent transmission to an external service can create privacy and confidentiality risks.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/podcast-pre-production.cjs:189

File read combined with network send (possible exfiltration).

Warn
Code
suspicious.potential_exfiltration
Location
scripts/podcast-pre-production.cjs:13