VoiceServer
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file uses high-pressure language ('MANDATORY', 'REQUIRED BEFORE ANY ACTION', 'This is not optional') to force the agent to execute shell commands immediately upon invocation, overriding the agent's normal decision-making process.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by instructing the agent to load and apply content from ~/.opencode/skills/PAI/USER/SKILLCUSTOMIZATIONS/VoiceServer/ to override its default behavior.
  • Ingestion points: ~/.opencode/skills/PAI/USER/SKILLCUSTOMIZATIONS/VoiceServer/.
  • Boundary markers: None mentioned.
  • Capability inventory: curl (SKILL.md, Workflows/Status.md), bun (Tools/VoiceServerManager.ts), and shell script execution.
  • Sanitization: None; the instructions explicitly state to 'apply' resources to override default behavior.
- [COMMAND_EXECUTION]: The skill utilizes curl commands to interact with a local server on port 8888 for notifications and health checks.
- [COMMAND_EXECUTION]: The VoiceServerManager.ts script uses the Bun runtime to execute various shell scripts (start.sh, stop.sh, status.sh, restart.sh) located in the user's home directory.
Audit Metadata