chat-with-anyone
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation describes a workflow that uses an external dependency (youtube-downloader) to fetch audio and subtitle files from YouTube. This is used to gather reference samples for the voice cloning process.
- [DATA_EXFILTRATION]: The scripts/voice_design.py script transmits user-provided images and voice descriptions to the vendor's API endpoint at https://noiz.ai/v1/voice-design. This communication is authenticated via a locally stored API key and is a core component of the skill's functionality.
- [COMMAND_EXECUTION]: The skill executes the ffmpeg binary using the subprocess module to process audio segments. The implementation uses structured argument lists, which is a best practice to mitigate shell injection risks.
- [PROMPT_INJECTION]: The skill processes untrusted subtitle (SRT) files downloaded from external sources, which creates a potential surface for indirect prompt injection.
  - Ingestion points: Subtitle text is parsed and used as input in the scripts/extract_ref_segment.py script.
  - Boundary markers: There are no explicit markers or instruction-ignoring delimiters used when the agent processes the extracted subtitle data.
  - Capability inventory: The skill has the ability to execute local commands (ffmpeg), write to the filesystem, and make network requests to the vendor API.
  - Sanitization: Basic removal of HTML tags from the subtitle content is performed via regular expressions, but there is no logic to filter or sanitize for embedded instructions or malicious text.
Audit Metadata