voice-generate
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to interact with the local file system. In modules/register-selection.md, shell variables $PROFILE_NAME and $REGISTER_NAME are interpolated into commands without sanitization. This allows for command injection (e.g., via ;) or directory traversal (e.g., via ../), potentially granting unauthorized access to files or execution of arbitrary code within the shell context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted source material into agent prompts.
  - Ingestion points: Source material is ingested in SKILL.md and modules/source-framing.md.
  - Boundary markers: Triple-dash (---) delimiters are used to separate source material, but these can be subverted by adversarial input.
  - Capability inventory: The skill has access to Bash, Read, Write, and Agent tools, posing a risk if the agent's instructions are overridden.
  - Sanitization: There is no evidence of input validation or escaping for source material or the names used to construct file paths.