audiocodes-cli
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the execution or installation of the
audiocodes-clipackage from the public NPM registry (npx audiocodes-cliornpm install -g audiocodes-cli). This package is not from a known trusted organization or the specified vendor. - [COMMAND_EXECUTION]: The primary function of this skill is the execution of shell commands through the
audiocodes-cli. This allows the agent to interact with the local system and network infrastructure. - [CREDENTIALS_UNSAFE]: The skill documentation provides examples of passing sensitive passwords as command-line arguments (e.g.,
--password "$AUDIOCODES_PASSWORD"). While utilizing environment variables is better than hardcoding, passing secrets as arguments can expose them in process lists or shell history. - [DATA_EXFILTRATION]: While the skill primarily targets local network devices, the
audiocodes-clitool performs network operations to hostnames provided by the user, which could be leveraged if the hostname is manipulated to point to an external malicious server. - [INDIRECT_PROMPT_INJECTION]: This skill ingests data from external hardware devices (AudioCodes SBCs) via REST API endpoints such as
/alarms/active. This content is processed and returned to the AI agent. Maliciously crafted data stored on the device (e.g., within an alarm message) could act as an indirect injection vector to influence the agent's logic. - Ingestion points: Data returned from REST API endpoints like
/statusand/alarms/active(SKILL.md). - Boundary markers: None present; data is interpolated directly into the agent's context.
- Capability inventory: Shell execution via the
audiocodes-clitool (SKILL.md). - Sanitization: No explicit sanitization or validation of the device output is mentioned.
Audit Metadata