voice-builder

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The 'CRITICAL: Auto-start on load' section in SKILL.md contains explicit instructions to override standard agent behavior. It directs the agent to skip summaries, explanations, and user confirmations, forcing immediate execution of the interview process upon loading.
  • [DATA_EXFILTRATION]: The skill processes untrusted user-supplied writing samples to generate file content, creating an indirect prompt injection surface where embedded instructions in the samples could influence the agent's output.
      • Ingestion points: User-provided text pasted in response to Step 3 in SKILL.md.
      • Boundary markers: Absent. No instructions are provided to the agent to treat sample text strictly as data or to ignore embedded commands.
      • Capability inventory: The agent has the capability to write to the file system (creating about-me.md and voice.md) and use interactive tools (AskUserQuestion).
      • Sanitization: Absent. The skill does not define any validation or filtering for the input text before it is analyzed by the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 07:05 PM