skills/duyet/claude-plugins/sag-voice/Gen Agent Trust Hub

sag-voice

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the sag CLI tool from a third-party Homebrew tap (steipete/tap/sag) in references/sag-cli.md and SKILL.md.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the sag utility to generate spoken notifications and list voices.
  • [PROMPT_INJECTION]: The skill contains a potential indirect prompt injection surface where user-controlled environment data is used in shell execution.
  • Ingestion points: The script in SKILL.md derives a project name from the current directory using basename "$PWD".
  • Boundary markers: No explicit boundary markers are present to isolate the directory name from the rest of the shell command.
  • Capability inventory: The skill relies on direct Bash execution to run the text-to-speech tool.
  • Sanitization: The project name undergoes basic character translation using tr, which does not protect against shell injection techniques such as command substitution or subshells if the directory name is crafted maliciously.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — sag-voice