barry-coach
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends using the
skillsutility via npx to download and install theInterpreterBarry/barry-english-toolkitpackage. This is used to fetch methodology resources from the author's repository. - [COMMAND_EXECUTION]: Provides a maintenance command for the user to execute (
npx -y skills add InterpreterBarry/barry-english-toolkit -g --all) to ensure the methodology wiki is correctly installed and accessible. - [PROMPT_INJECTION]: Identifies an indirect prompt injection surface due to data ingestion from external files.
- Ingestion points: Reads user profile data from
~/.barry-english/profile.mdand instructional content from methodology wiki files located inMETHODOLOGY_ROOT/wiki/. - Boundary markers: Lacks explicit delimiters or boundary markers for external data within the instruction set.
- Capability inventory: The skill can write to the local file system (
fancy-vocab.md) and suggest shell commands to the user. - Sanitization: No formal sanitization of ingested content is described, though the skill is instructed to adapt responses using a specific persona rather than verbatim execution.
Audit Metadata