generate-voice-guide
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses public social media data from X (Twitter) and LinkedIn using Apify's scraping services. It requires the 'APIFY_API_TOKEN' environment variable for authentication. These operations are essential for the skill's stated purpose of voice analysis.
- [COMMAND_EXECUTION]: The agent is instructed to read and write files within the user's home directory specifically at '~/.goose-skills/'. It updates a JSON configuration file ('config.json') to store paths to generated markdown voice guides.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk: The skill ingests untrusted data from external social media posts.
- Ingestion points: External social media content fetched via Apify actors (SKILL.md Phase 1).
- Boundary markers: None specified; the agent is instructed to analyze the raw text for persona and tone extraction.
- Capability inventory: The agent has capabilities to write and modify files in the '~/.goose-skills/' directory and perform network requests via Apify (SKILL.md Phase 4).
- Sanitization: No specific sanitization or filtering of the scraped content is mentioned before the agent processes it for analysis and sample generation.
Audit Metadata