wjs-voicedrop
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes instructions for administrative users to source sensitive local environment files (~/code/.env) into the shell environment to retrieve the FILES_TOKEN. This pattern exposes all variables within the .env file to the agent's context.
- [COMMAND_EXECUTION]: The skill uses shell commands like curl for API communication and source for environment configuration.
- [DATA_EXFILTRATION]: The skill transmits authentication tokens and user-provided text to the external API domain jianshuo.dev. While this domain corresponds to the author's vendor infrastructure, it represents a data transmission to a remote service.
- [PROMPT_INJECTION]: The 'distill' mode ingests multiple user-provided articles to analyze and extract writing styles. This creates a surface for indirect prompt injection if the processed data contains malicious instructions intended to manipulate the agent.
- Ingestion points: User-provided articles ingested during the 'distill' mode as described in SKILL.md.
- Boundary markers: Uses descriptive prompts to guide a sub-agent, but lacks strong structural isolation for untrusted content.
- Capability inventory: The skill has access to network operations (curl) and file-system writes (to /tmp/ and via the API).
- Sanitization: No validation or sanitization of the article content is performed prior to analysis by the sub-agent.
Audit Metadata