barry-solution
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to automate the installation of personalized training skills into the agent's environment, which includes the capability to delete existing skill directories during a cleanup process.
- [COMMAND_EXECUTION]: The skill generates and writes executable shortcut scripts (.command for macOS and .bat for Windows) to the user's desktop to facilitate the manual launching of the local quiz application.
- [REMOTE_CODE_EXECUTION]: The skill deploys and starts a local Node.js server that manages vocabulary data and spawns system subprocesses (using tools like 'say' or 'powershell') to provide speech synthesis functionality.
- [DATA_EXFILTRATION]: Text-to-speech functionality involves proxying user-selected vocabulary and example sentences to Google's Translation API to generate audio files. Note that Google is a well-known and established service.
- [SAFE]: The skill references trusted educational sources such as BBC Learning English and VOA Learning English, and provides instructions for downloading software from official sources like nodejs.org.
Audit Metadata