Skills
skills/cartesia-ai/skills/line-voice-agent/Gen Agent Trust Hub

line-voice-agent

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): An automated scan detected a command that pipes a remote script to a shell: curl -fsSL https://cartesia.sh | sh. This is a major security risk as the script is not verified and comes from an untrusted source.\n- EXTERNAL_DOWNLOADS (HIGH): The skill documentation and scanning identify the download of executable content from cartesia.sh, which is not a trusted domain.\n- COMMAND_EXECUTION (MEDIUM): The skill implements @loopback_tool and @handoff_tool decorators, which run code based on the AI's output. If the AI is tricked, these tools could be used maliciously.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes user audio and text data.\n
  • Ingestion points: media_input via WebSockets and UserTurnEnded events in the workflow documentation.\n
  • Boundary markers: The code examples lack strong delimiters (like XML tags) to separate user data from AI instructions.\n
  • Capability inventory: The tools can end calls, transfer calls to other numbers, and search internal order databases.\n
  • Sanitization: The developer provides examples for a ContentFilter and GuardrailsWrapper, which are good starting points for defense but must be correctly implemented by the user.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cartesia.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:05 PM