voicemode-connect
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions require running `npx -y mcp-remote https://voicemode.dev/mcp`. This pattern downloads and executes code from the npm registry and connects to a remote definition on a non-trusted domain.
- [REMOTE_CODE_EXECUTION] (HIGH): By using `npx` to pull a remote MCP configuration from `https://voicemode.dev/mcp`, the skill facilitates the execution of arbitrary remote code on the user's local environment. The domain `voicemode.dev` is not within the defined trusted sources.
- [DATA_EXFILTRATION] (MEDIUM): The skill's primary function is to route voice conversations through a third-party cloud platform (`voicemode.dev`). This constitutes a risk of data exposure for any sensitive information shared during voice sessions.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): High-risk attack surface detected in the `converse` tool.
  - Ingestion points: Untrusted voice data is received from external clients (iOS/web) and processed by the agent.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands in the voice transcripts are mentioned.
  - Capability inventory: The skill enables network communication and local command execution via the `mcp-remote` wrapper.
  - Sanitization: There is no evidence of sanitization for the converted text before it is presented to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata