skills/emzod/speak-turbo/speakturbo/Gen Agent Trust Hub

speakturbo

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): This skill defines an interface where untrusted external data is passed to an executable command. Evidence: (1) Ingestion point: The main text argument for the speakturbo command. (2) Boundary markers: Documentation uses double quotes, which are insufficient for shell security. (3) Capability: Local process execution and interaction with a daemon on port 7125. (4) Sanitization: No sanitization or escaping mechanisms are described for the input text.
  • [Command Execution] (HIGH): The recommended usage pattern interpolates the input string into a shell environment, which allows arbitrary command execution if the input text contains shell metacharacters such as backticks or subshell expansions.
  • [Data Exposure] (LOW): Documentation exposes internal system details including user home directory sub-paths (~/.chatter/voices/) and predictable log file locations (/tmp/speakturbo.log).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:27 AM