voice
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the macOS 'say' command to provide audio output. In 'voice_cli.sh', parameters are handled using bash arrays, and in 'voice.go', 'exec.Command' is used with an argument slice. Both methods are secure against shell injection because they do not invoke a shell to parse the arguments.
- [EXTERNAL_DOWNLOADS]: The skill relies on the 'jq' utility being present on the system for JSON parsing in the shell script. It does not download external scripts or code at runtime.
- [DATA_EXFILTRATION]: No network activity or sensitive data access was detected. The skill only interacts with the local system's audio output.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted text input to be read aloud, the impact is limited to audio output via the system's text-to-speech engine, which poses no risk to system integrity.