ops-voice

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE)
Full Analysis
  • [DATA_EXFILTRATION]: The setup sub-command executes a comprehensive scan of the local environment to harvest API keys. This includes reading sensitive shell configuration files (~/.zshrc, ~/.bashrc, ~/.envrc), querying the macOS Keychain (security find-generic-password), and extracting secrets from third-party managers like Dashlane (dcli) and Doppler. The collected credentials are then transmitted to external API endpoints (Bland AI, ElevenLabs, Groq) for validation.
  • [DATA_EXFILTRATION]: The transcribe command uploads files to the Groq API with curl -F "file=@$AUDIO_FILE". The path comes straight from the user-supplied argument, and curl's @ form reads whatever local file the path names, so anyone who controls that argument can send sensitive files (e.g. ~/.ssh/id_rsa or a .env file) to the external service in place of a recording.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run scripts in which user-controlled input (phone numbers, prompts, and file paths) is interpolated directly into shell command strings. Input containing shell metacharacters (;, |, $(...), backticks) can therefore break out of the intended command, a high-risk command-injection pattern; such values should be validated against an allow-list and passed as separate arguments rather than spliced into a string.
  • [CREDENTIALS_UNSAFE]: The skill implements logic to specifically search for and extract plain-text credentials from shell profiles and history files, encouraging or relying on insecure secret storage practices.
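The DATA_EXFILTRATION and COMMAND_EXECUTION findings above share one root cause: caller-controlled strings are spliced into shell commands. The POSIX shell script below is an added example written for this page, not code from the ops-voice skill or from the audit; it shows the unsafe interpolation pattern in an offline dry-run form next to a hardened wrapper that allow-lists the phone number, prompt and audio filename, confines uploads to one directory, and passes every value to curl as its own argv element. AUDIO_DIR, GROQ_API_KEY, GROQ_URL, GROQ_MODEL and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this page, not code from the ops-voice skill: the unsafe
# interpolation pattern the audit flags, next to a hardened wrapper.
# AUDIO_DIR, GROQ_API_KEY, GROQ_URL and GROQ_MODEL are assumed names.
AUDIO_DIR="${AUDIO_DIR:-$HOME/ops-voice/audio}"
GROQ_URL="${GROQ_URL:-https://api.groq.com/openai/v1/audio/transcriptions}"  # assumed endpoint
GROQ_MODEL="${GROQ_MODEL:-whisper-large-v3}"                                   # assumed model id
CURL="${CURL:-curl}"   # set CURL=echo to dry-run and print the argv instead of uploading

# ---- Unsafe (the audited pattern) ----------------------------------------------
# The argument is spliced into a command STRING that the caller evals. A value such
# as "x; cat ~/.ssh/id_rsa" appends a second command, and a value of
# "/home/me/.ssh/id_rsa" makes curl's @ form upload the key file itself.
# `echo upload` stands in for the real curl call so this runs offline.
unsafe_transcribe_cmd() {
    audio_file="$1"
    printf 'echo upload file=@%s\n' "$audio_file"   # caller: eval "$(unsafe_transcribe_cmd "$arg")"
}

# ---- Hardened -------------------------------------------------------------------
# Each field is checked against an allow-list and then passed to curl as its own
# argv element. No eval and no string building, so metacharacters stay literal.

# Destination number in E.164 form: "+" followed by 8 to 15 digits, nothing else.
validate_phone() {
    printf '%s' "$1" | grep -Eq '^\+[1-9][0-9]{7,14}$'
}

# Prompt text: non-empty, printable characters only, bounded length. It is never
# handed to a shell, so no escaping is attempted; it travels as one argument.
validate_prompt() {
    [ -n "$1" ] && [ "${#1}" -le 2000 ] || return 1
    case "$1" in
        *[![:print:]]*) return 1 ;;
    esac
    return 0
}

# Audio file: a bare filename (no slashes, no leading dot, safe charset, known
# extension) resolved under AUDIO_DIR and required to be a regular file that is
# not a symlink. Prints the resolved path so the raw argument is never forwarded.
resolve_audio_file() {
    name="$1"
    case "$name" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    case "$name" in
        *.wav|*.mp3|*.m4a|*.flac|*.ogg) ;;
        *) return 1 ;;
    esac
    full="$AUDIO_DIR/$name"
    [ -f "$full" ] && [ ! -L "$full" ] || return 1
    printf '%s\n' "$full"
}

# Upload one validated file. The API key is taken from the environment only (no
# scraping of ~/.zshrc, history or the Keychain) and is fed to curl on stdin with
# "-H @-" so it does not show up in `ps` output alongside the argv.
transcribe_file() {
    full=$(resolve_audio_file "$1") || { echo "transcribe: rejected input: $1" >&2; return 2; }
    [ -n "${GROQ_API_KEY:-}" ] || { echo "transcribe: GROQ_API_KEY not set" >&2; return 3; }
    printf 'Authorization: Bearer %s\n' "$GROQ_API_KEY" |
        "$CURL" -sS --fail -H @- \
            -F "file=@$full" \
            -F "model=$GROQ_MODEL" \
            "$GROQ_URL"
}

# ---- Stand-alone demo (offline) --------------------------------------------------
echo '# unsafe pattern, eval of the built string:'
eval "$(unsafe_transcribe_cmd 'x; echo INJECTED')"     # prints "upload file=@x" then "INJECTED"
demo_dir=$(mktemp -d); : > "$demo_dir/sample.wav"
AUDIO_DIR=$demo_dir; CURL=echo; GROQ_API_KEY=demo-key
echo '# hardened wrapper, dry-run argv:'
transcribe_file sample.wav
if transcribe_file '../../.ssh/id_rsa'; then echo 'BUG: traversal accepted'; else echo '# traversal rejected'; fi
rm -rf "$demo_dir"
```

Run as-is for an offline dry run: the demo at the bottom shows the injected command executing under the unsafe pattern, then prints the argv the hardened wrapper would hand to curl and shows a traversal attempt being rejected before any file is opened. With CURL left at its default and a real GROQ_API_KEY exported, transcribe_file performs the upload; the key never appears in the argv and is never read from shell profiles.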
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 29, 2026, 06:48 AM