Skills
skills/noizai/skills/chat-with-anyone/Gen Agent Trust Hub

chat-with-anyone

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches video and subtitle content from third-party platforms including YouTube, Bilibili, and TikTok to extract reference audio samples.
  • [COMMAND_EXECUTION]: The skill invokes several subprocesses to perform its tasks, including ffmpeg for audio extraction and trimming, and local Python scripts for video downloading and text-to-speech generation.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection via the processing of untrusted external data.
  • Ingestion points: The agent reads content from downloaded subtitle files (.vtt or .srt) in SKILL.md (Workflow A4).
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts within the subtitle files.
  • Capability inventory: The skill possesses the ability to execute shell commands (ffmpeg), run local scripts, and generate synthetic audio content.
  • Sanitization: No validation or filtering is applied to the subtitle text before the agent parses it for timestamps.
  • [DATA_EXFILTRATION]: The script voice_design.py accesses a configuration file at ~/.noiz_api_key to authenticate requests to the noiz.ai API. This is a vendor-specific credential used for intended functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 12:39 PM