VoiceServer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill references and executes several shell scripts (start.sh, stop.sh, status.sh, restart.sh) located in '~/.claude/VoiceServer/'. These scripts are not part of the provided skill payload, meaning their contents cannot be verified and they could execute malicious commands if the local directory is compromised.
  • PROMPT_INJECTION (LOW): The 'MANDATORY' section in SKILL.md uses strong, directive language ('🚨 MANDATORY', 'You MUST', 'Execute immediately') to override the agent's safety or logic filters and force it to perform curl operations to a local server.
  • PROMPT_INJECTION (LOW): The skill exposes an ingestion surface for indirect prompt injection by instructing the agent to load and apply unvalidated user-controlled customizations from the local file system.
      1. Ingestion points: ~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/VoiceServer/ (defined in SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Shell script execution via Bun's shell operator ($) and network requests via curl/fetch.
      4. Sanitization: No sanitization or validation of the customization files is specified.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:05 PM