world-voice
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform basic file system management operations.\n
- Evidence: Execution of
mkdir -p world-codeto prepare a directory for output and managing thevoice.mdfile within that directory.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the processing of external user-provided data.\n - Ingestion points: Step 3, Question 1 explicitly asks the user to provide an external writing sample (e.g., email or social post) for analysis.\n
- Boundary markers: There are no explicit markers or instructions defined to prevent the agent from executing instructions that might be embedded in the user's writing sample.\n
- Capability inventory: The skill has access to bash tools for directory creation and file read/write operations.\n
- Sanitization: The instructions do not include any steps for sanitizing, escaping, or validating the user-provided text before analysis.
Audit Metadata