oma-voice

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes MCP tools such as voicebox_speak and voicebox_transcribe. These commands are directed to a local Voicebox application running on the loopback interface (127.0.0.1) and are essential to the skill's primary function.
  • [EXTERNAL_DOWNLOADS]: The documentation provides a link to the official GitHub repository for the Voicebox application (github.com/jamiepine/voicebox). This is an informative reference for manual user installation and does not involve automated or hidden remote code execution.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration was found. All network communication is restricted to the local machine, and audio processing results are stored within the project's local directory (.agents/results/voice).
  • [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection during audio transcription.
  • Ingestion points: Local audio files provided by the user for transcription via the voicebox_transcribe tool.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the transcription output workflow.
  • Capability inventory: The skill possesses file write capabilities and local network interaction via MCP.
  • Sanitization: Transcribed text is reported to the user without explicit sanitization or filtering.
  • [SAFE]: The skill includes robust guardrails, including strict character limits for voice generation and duration limits for transcription, to prevent abuse and resource exhaustion.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:19 PM
Security Audit — agent-trust-hub — oma-voice