cast
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from repository files and agent handoffs to create and update persona profiles.
  - Ingestion points: Processes content from `README.md`, `docs/**/*.md`, source code files (`src/**/*`), and handoffs from 'Researcher', 'Trace', and 'Voice' agents.
  - Boundary markers: Employs confidence scores and `[inferred]` tags to label synthesized data, providing some distinction between source evidence and AI-generated content.
  - Capability inventory: Performs file system writes to `.agents/personas/`, manages a centralized `registry.yaml`, and executes shell commands for engine availability checks.
  - Sanitization: Lacks explicit sanitization or validation logic for the content extracted from repository files before it is used in persona synthesis.
- [EXTERNAL_DOWNLOADS]: The `SPEAK` workflow includes a check using `npx --yes edge-tts`, which can automatically download the package from the public npm registry if it is not already installed in the environment.
- [COMMAND_EXECUTION]: The skill executes local shell commands (e.g., `curl`, `which`, `npx`) to verify the installation and connectivity of various text-to-speech engines such as VOICEVOX and Microsoft's edge-tts.
Audit Metadata