voice
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs an external Node.js package 'agent-voice' using 'npm install -g'. This package is not from a trusted organization or repository listed in the security guidelines.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its primary data ingestion mechanism.
  - Ingestion points: Transcribed user voice input enters the agent context via the 'agent-voice ask' command.
  - Boundary markers: Absent; transcribed text is not wrapped in delimiters, nor are there instructions to ignore commands within the transcription.
  - Capability inventory: The agent has access to Bash for package installation and system commands.
  - Sanitization: Absent; the skill does not specify any validation or sanitization for the tool's output.
- COMMAND_EXECUTION (SAFE): The use of 'agent-voice' commands ('say', 'ask') is aligned with the skill's stated purpose and does not represent an independent security risk beyond the installation of the unverified package.
Audit Metadata