
voice-agent

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The scripts/start.sh script mounts the host's sensitive AWS credentials directory (~/.aws) into the Docker container using the -v ~/.aws:/root/.aws flag. This exposes the user's cloud access keys and configurations to the container environment.
  • [EXTERNAL_DOWNLOADS]: The scripts/start.sh script downloads the trevisanricardo/ai-voice-backend container image from Docker Hub at runtime. This image is maintained by the skill author.
  • [COMMAND_EXECUTION]: The skill includes a management script (scripts/start.sh) that executes docker commands (pull, run, start), which typically require root or elevated host privileges.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its audio transcription pipeline.
      • Ingestion points: Untrusted audio files are processed by the transcribe tool in scripts/client.py.
      • Boundary markers: No delimiters or safety instructions are used when passing transcribed text to the agent context.
      • Capability inventory: The skill allows writing files to the local system (synthesize) and managing Docker containers (start.sh).
      • Sanitization: There is no sanitization or validation of the transcribed text or input file paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 1, 2026, 01:38 AM