voice
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes Bash commands using curl to interact with a local service at http://localhost:23001. This is a localized operation with minimal risk of direct command injection from the provided templates.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8). * Ingestion points: The 'text' parameter in the curl POST request in SKILL.md. * Boundary markers: None. There are no delimiters or instructions to ignore embedded commands within the text being sent to the TTS engine. * Capability inventory: Network write operations via curl to a local API that interfaces with Telegram. * Sanitization: None detected. Malicious instructions embedded in data processed by the agent (e.g., from a web page) could be passed directly to the voice API, causing the agent to speak unauthorized or malicious content.
Audit Metadata