voice-update
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides examples of calling a local Bash script at ${CLAUDE_PLUGIN_ROOT}/scripts/say with summary text. This pattern presents a potential command injection risk if the summary text is not strictly sanitized of shell metacharacters before execution.
- [EXTERNAL_DOWNLOADS]: The skill depends on pocket-tts, a Python package used for text-to-speech functionality, which is dynamically run using the uvx tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and repeats user-influenced data.
  1. Ingestion points: Task summaries and user communication styles processed within SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of local bash scripts (say).
  4. Sanitization: None described.

  The instruction to mirror the user's tone and 'colorful language' increases the risk of the agent outputting malicious or unauthorized content provided by an attacker.
Audit Metadata