voice-wake-say
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the macOS 'say' utility via shell commands. Piping user-influenced variables into a shell environment is a potential injection surface.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data for command execution. 1. Ingestion points: User messages starting with trigger phrases (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Local shell command execution including 'printf' and 'say' (SKILL.md). 4. Sanitization: The skill suggests stripping markdown but lacks robust shell character escaping.
Audit Metadata