newsletter-voice
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill does not perform any network operations or download external scripts or configurations. All resources are local to the skill folder or the user's project root.
- [COMMAND_EXECUTION]: There are no shell commands, system calls, or subprocess executions defined in the skill instructions.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were detected. The skill accesses
voice.mdandabout-me.md, which are intended parts of the local project context. - [PROMPT_INJECTION]: The skill processes untrusted user-provided content (newsletter samples) in Step 2a. This represents a surface for indirect prompt injection where a malicious sample could attempt to influence the agent's behavior. However, the risk is extremely low because the skill's capabilities are limited to writing a markdown file (
newsletter-voice.md) and it does not have access to sensitive tools or the ability to execute code. - [DATA_EXFILTRATION]: No data exfiltration vectors were found. The skill does not use
curl,wget, or any other network-enabled tools to send project data to external domains.
Audit Metadata