generate-voice-guide

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses public social media data from X (Twitter) and LinkedIn using Apify's scraping services. It requires the 'APIFY_API_TOKEN' environment variable for authentication. These operations are essential for the skill's stated purpose of voice analysis.
  • [COMMAND_EXECUTION]: The agent is instructed to read and write files within the user's home directory specifically at '~/.goose-skills/'. It updates a JSON configuration file ('config.json') to store paths to generated markdown voice guides.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Risk: The skill ingests untrusted data from external social media posts.
  • Ingestion points: External social media content fetched via Apify actors (SKILL.md Phase 1).
  • Boundary markers: None specified; the agent is instructed to analyze the raw text for persona and tone extraction.
  • Capability inventory: The agent has capabilities to write and modify files in the '~/.goose-skills/' directory and perform network requests via Apify (SKILL.md Phase 4).
  • Sanitization: No specific sanitization or filtering of the scraped content is mentioned before the agent processes it for analysis and sample generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:06 PM
Security Audit — agent-trust-hub — generate-voice-guide