voice-quality-audition

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several local shell scripts and system utilities to perform its tasks.
    • Executes kokoro-install.sh with --health and --install flags to manage the TTS environment.
    • Runs tts_kokoro_audition.sh located in ~/.local/bin/ or the plugin directory to perform voice testing.
    • Utilizes the macOS afplay utility for audio playback.
    • Employs pbpaste to retrieve text data for processing.
  • [DATA_EXFILTRATION]: The skill accesses potentially sensitive information from the macOS clipboard.
    • Specifically uses pbpaste to acquire the text passage used for the voice audition, which could inadvertently expose private data copied by the user.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted clipboard data.
    • Ingestion points: The skill reads external data from the system clipboard via pbpaste as described in Phase 2 of the workflow.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing the clipboard content.
    • Capability inventory: The skill possesses extensive capabilities through the Bash tool, including file system modification and script execution.
    • Sanitization: There is no evidence of sanitization or validation performed on the text retrieved from the clipboard before it is processed by the agent or the TTS script.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 09:51 AM