
voice-changer

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Dynamic Execution] (MEDIUM): The scripts models/rvc_core/rvc_infer_simple.py and models/rvc_core/rvc_simple.py use torch.load() to load RVC models from paths defined in the configuration.
      • Evidence: torch.load(self.model_path, map_location=self.device) is used without weights_only=True. Because torch.load uses the pickle module internally, it is vulnerable to arbitrary code execution if a user is tricked into loading a maliciously crafted .pth model file.
      • Context: The skill's documentation (README.md, models/RVC_MODEL_GUIDE.md) explicitly directs users to download models from third-party sources and file-sharing sites (e.g., Quark, HuggingFace), increasing the risk of encountering a malicious model.
  • [Privilege Escalation] (MEDIUM): The install_dependencies.sh script uses sudo to perform system-level installations.
      • Evidence: sudo apt-get install -y ffmpeg and sudo yum install -y ffmpeg are called based on the detected OS.
      • Context: While common for setup scripts, executing commands with elevated privileges poses a security risk if the script is modified or if it is executed in a multi-user environment where administrative access should be restricted.
  • [Indirect Prompt Injection] (LOW): The skill ingests external audio and video files as primary input and passes filenames to subprocesses.
      • Evidence: scripts/rvc_process_long.py calls ffmpeg and local Python scripts using subprocess.run with list-based arguments.
      • Mitigation: The use of list-based arguments prevents simple shell command injection; however, processing untrusted binary media files remains an attack surface for low-level exploits or metadata-based injection.
  • [External Downloads] (LOW): The skill provides instructions for manual external downloads.
      • Evidence: models/RVC_MODEL_GUIDE.md suggests using git clone for the RVC WebUI and wget for HuBERT models from HuggingFace.
      • Mitigation: These sources are generally trusted (GitHub/HuggingFace), and the skill does not automate these downloads at runtime.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 22, 2026, 12:29 PM