create-voice

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts (voice-analyzer.py, voice-validator.py) using the Bash tool to perform quantitative analysis and content validation during the voice creation process.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of untrusted data.
      • Ingestion points: Writing samples are gathered from user-provided markdown files in skills/voice-{name}/references/samples/*.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when the agent reads the samples.
      • Capability inventory: The skill uses Bash to execute local scripts and Write to generate a functional SKILL.md instruction file.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the external sample content before it is interpolated into the reasoning process or the generated skill output.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:34 PM
Security Audit — agent-trust-hub — create-voice