skills/foogunlana/skills/agent-sounds/Gen Agent Trust Hub

agent-sounds

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run a local script (.claude/skills/agent-sounds/scripts/agent_sounds.py). Evidence: SKILL.md and integrations.md prescribe running python3 with this path. Risk: The script code is missing from the provided files, preventing verification of its subprocess handling or potential malicious logic.
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection via data-driven command parameters.
      1. Ingestion points: CLI arguments like hook-name and --message, and the .claude/agent-sounds.json configuration file.
      2. Boundary markers: Absent; no sanitization or delimiters are defined for inputs passed to the shell.
      3. Capability inventory: Execution of local scripts and system utilities like say and afplay.
      4. Sanitization: Unverifiable as the script source code is missing.
    If the script uses shell interpolation for the 'say' feature or message argument, an attacker could achieve arbitrary command execution through malicious task descriptions or configuration.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 03:25 PM