voice-review

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its text processing workflow.
    ◦ Ingestion points: The skill ingests untrusted content via generated_text from local files or the clipboard (SKILL.md, Step 1).
    ◦ Boundary markers: The skill does not use delimiters or an "ignore embedded instructions" warning when interpolating the {generated_text} variable into the dispatch templates for the prose-reviewer and craft-reviewer sub-agents (SKILL.md, Step 2).
    ◦ Capability inventory: The skill can write to the filesystem (via the Write tool) and execute logic via sub-agents.
    ◦ Sanitization: There is no evidence of sanitization, escaping, or validation of the input text before it is processed by the AI sub-agents.
  • [DATA_EXFILTRATION]: The skill accesses and writes to sensitive local application directories.
    ◦ Evidence: When "learning mode" is active, the skill saves text snapshots to ~/.claude/voice-profiles/{name}/learning/snapshots/ (SKILL.md, Step 6). While this is a local operation, writing to the agent's internal configuration directory (~/.claude/) can lead to information exposure or configuration corruption if the {name} parameter or the content being saved is manipulated.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 11:26 PM