sag-voice
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
sagCLI tool from a third-party Homebrew tap (steipete/tap/sag) inreferences/sag-cli.mdandSKILL.md. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
sagutility to generate spoken notifications and list voices. - [PROMPT_INJECTION]: The skill contains a potential indirect prompt injection surface where user-controlled environment data is used in shell execution.
- Ingestion points: The script in
SKILL.mdderives a project name from the current directory usingbasename "$PWD". - Boundary markers: No explicit boundary markers are present to isolate the directory name from the rest of the shell command.
- Capability inventory: The skill relies on direct Bash execution to run the text-to-speech tool.
- Sanitization: The project name undergoes basic character translation using
tr, which does not protect against shell injection techniques such as command substitution or subshells if the directory name is crafted maliciously.
Audit Metadata