Scan Report
5 /100
podcast-transcript-mining-authority-positioning
Extract guest appearances, speaking topics, and soundbites from podcast transcripts to build authority portfolios and generate podcast pitch templates
This is a legitimate podcast content processing skill with comprehensive documentation and no malicious behavior detected.
Safe to install
No action required. The skill is safe to use with declared API keys.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:65 - Upload transcripts, RSS feeds, file formats |
| Network | READ | READ | ✓ Aligned | SKILL.md:133-136 - Slack, Google Search, OpenAI API calls |
| Shell | NONE | NONE | — | No shell execution commands in documentation |
| Environment | READ | READ | ✓ Aligned | SKILL.md:132-137 - OPENAI_API_KEY, GOOGLE_SEARCH_API_KEY, SLACK_WEBHOOK_URL |
| Skill Invoke | NONE | NONE | — | No skill chaining declared |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | No browser automation documented |
| Database | NONE | NONE | — | No database operations documented |
3 findings
Medium External URL 外部 URL
https://hooks.slack... SKILL.md:135 Medium External URL 外部 URL
https://yoursite.com SKILL.md:138 Medium External URL 外部 URL
https://feeds.example.com/podcast.xml SKILL.md:173 File Tree
1 files · 15.7 KB · 347 lines Markdown 1f · 347L
└─
SKILL.md
Markdown
Security Positives
✓ All external API integrations (OpenAI, Google Search, Slack) are clearly declared
✓ No shell execution, subprocess, or command injection patterns present
✓ No credential harvesting beyond declared API key usage
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No supply chain risks - no dependencies or external scripts
✓ Documentation is comprehensive and matches intended functionality
✓ No sensitive path access (~/.ssh, ~/.aws, .env) attempted
✓ External URLs are legitimate service endpoints (Slack webhooks, Google API)