Security audit

Weryai Podcast Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeryAI podcast API wrapper; the flagged upload and music-generation code is extra vendored code that is not used by the documented podcast entrypoints.

Install only if you trust this package with a WeryAI API key and paid account credits. Keep WERYAI_BASE_URL on the official WeryAI API host unless you intentionally trust another endpoint, use dry-run before paid generation, and stick to the documented podcast scripts rather than the extra vendored music helpers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The helper uploads local files to whatever ctx.baseUrl points to and only emits a warning for non-official domains, which means sensitive local files can be exfiltrated to attacker-controlled endpoints if configuration is influenced upstream. In an agent skill context, this is especially dangerous because skills often bridge user-controlled inputs and local filesystem access, turning a misconfiguration or prompt-driven endpoint change into data exfiltration.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding:
This file implements music generation and reference-audio upload logic inside a skill advertised as a podcast generator, creating a clear scope mismatch between declared capability and actual behavior. That mismatch is dangerous because it can cause users, reviewers, or higher-level orchestration to grant permissions or trust assumptions appropriate for podcast generation while the code performs materially different media-processing actions, including uploading user-provided audio to a remote API.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The code automatically resolves and uploads a local or provided reference audio source via resolvePublicUrlFromSource before submitting the generation request, with no evidence in this file of an explicit user-facing warning, consent check, or disclosure. In an agent setting, silent transmission of user audio or local file content to a third-party endpoint can expose sensitive data and violate user expectations, especially because dry-run messaging acknowledges the upload path only for previews rather than enforcing consent in real execution.

VirusTotal

67/67 vendors flagged this skill as clean.
