voice
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to interact with a local command-line utility namedalmafor generating voice messages. This tool is likely a vendor-specific resource from the author. - [COMMAND_EXECUTION]: (Indirect Injection Surface)
- Ingestion points: Text generated by the agent or provided by the user is interpolated directly into shell commands (e.g.,
alma tts "{text}"). - Boundary markers: No boundary markers or delimiters are suggested in the documentation to isolate user input from the command structure.
- Capability inventory: The skill has full access to the
Bashtool to execute CLI commands. - Sanitization: The skill does not provide any instructions or logic for escaping or sanitizing the input text to prevent shell character injection (e.g., semicolons or backticks).
Audit Metadata