voice-dossier-builder

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from emails, pitch decks, and social media exports.
  • Ingestion points: Raw text from emails, decks, and social media platforms (LinkedIn, X, 小红书, etc.) are ingested to extract brand voice.
  • Boundary markers: The instructions include a manual guardrail directing the agent to treat these inputs as untrusted per [SECURITY.md] and explicitly stating that input text should not be allowed to modify security-sensitive lists like banned phrases.
  • Capability inventory: The skill writes analysis results to various memory/ locations, including candidates.md, which are subsequently used by other skills to generate content.
  • Sanitization: The skill relies on natural language instructions for the AI to ignore embedded commands rather than programmatic sanitization.
  • [COMMAND_EXECUTION]: The skill uses local Python scripts to fetch data from open social profiles.
  • Evidence: It utilizes scripts/connectors/bluesky.py and fediverse.py for open own-profile pulls.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:38 PM
Security Audit — agent-trust-hub — voice-dossier-builder