Podcast Generation with Microsoft Foundry

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent guide for generating podcast audio with Azure OpenAI. It involves privacy-relevant, but disclosed, third-party processing of user content.

Install only if you are comfortable configuring an Azure OpenAI API key and sending the selected text, bookmark summaries, or scripts to Azure for audio generation. If you implement the database examples, define who can access generated audio/transcripts, how long they are retained, and how users can delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The document instructs developers to send user-provided script content to Azure OpenAI for audio generation but does not include any user-facing notice, consent flow, or guidance on handling sensitive content. This can lead to unintentional transmission of personal, confidential, or regulated data to a third-party service, creating privacy and compliance risk even if the code path is otherwise legitimate.

Missing User Warnings

Medium
Confidence: 91%
Finding
The example sends bookmark titles and summaries to Azure OpenAI's external realtime API, which constitutes third-party data disclosure. There is no visible consent flow, sensitivity check, redaction step, or user-facing notice, so implementers may unknowingly transmit private or proprietary content off-platform.

VirusTotal

64/64 vendors flagged this skill as clean.
