oma-voice
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes MCP tools such as voicebox_speak and voicebox_transcribe. These commands are directed to a local Voicebox application running on the loopback interface (127.0.0.1) and are essential to the skill's primary function.
- [EXTERNAL_DOWNLOADS]: The documentation provides a link to the official GitHub repository for the Voicebox application (github.com/jamiepine/voicebox). This is an informative reference for manual user installation and does not involve automated or hidden remote code execution.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. All network communication is restricted to the local machine, and audio processing results are stored within the project's local directory (.agents/results/voice).
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection during audio transcription.
- Ingestion points: Local audio files provided by the user for transcription via the voicebox_transcribe tool.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the transcription output workflow.
- Capability inventory: The skill possesses file write capabilities and local network interaction via MCP.
- Sanitization: Transcribed text is reported to the user without explicit sanitization or filtering.
- [SAFE]: The skill includes robust guardrails, including strict character limits for voice generation and duration limits for transcription, to prevent abuse and resource exhaustion.
Audit Metadata