Cast
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references 'npx --yes edge-tts' for voice generation. This uses a well-known text-to-speech package from a trusted registry and is consistent with the skill's primary purpose.
- [COMMAND_EXECUTION]: Employs shell commands such as 'curl', 'which', and 'python3 -c' to verify the availability of local TTS tools and engines. These operations are limited to environment verification and do not execute untrusted external scripts.
- [DATA_EXFILTRATION]: Scans project files including 'src//auth*' and 'src//user*' to identify user roles and models for persona synthesis. This data access is purposeful for generating realistic testing personas and does not involve unauthorized external transmission.
- [PROMPT_INJECTION]: The skill ingests untrusted data from project files (e.g., README.md, docs) and external agent handoffs, presenting a surface for indirect prompt injection.
  - Ingestion points: Processes content from project directories and incoming handoffs from 'Researcher', 'Trace', and 'Voice' agents.
  - Boundary markers: Refers to '_common/BOUNDARIES.md' and uses structured persona schemas to isolate processed data from agent instructions.
  - Capability inventory: Has permissions to write to '.agents/personas/', perform network requests via TTS engines, and execute environment-check commands.
  - Sanitization: Implements a mandatory human-review gate for any AI-generated persona with a confidence score below 0.60, effectively mitigating risks from maliciously crafted source data.