voice-clone-generator
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion process.\n
- Ingestion points: The skill reads data from
.claude/context/data/user-style-profile.jsonin Step 1.\n - Boundary markers: The system prompt construction in Step 2 lacks clear delimiters or warnings to prevent the AI from following instructions embedded within the style profile data.\n
- Capability inventory: The skill performs file system reads and executes a local script.\n
- Sanitization: There is no evidence of validation or sanitization of the content from the style profile before it is used to build instructions.\n- [COMMAND_EXECUTION]: The skill executes a local Node.js script as part of its mandatory memory protocol.\n
- Evidence: The skill calls
node .claude/lib/memory/memory-search.cjsat the start of its workflow to retrieve historical constraints.
Audit Metadata