tim-cook-perspective

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts tools/tts_stream.py and tools/tts_synthesize.py contain logic to automatically install missing Python packages (voxcpm, soundfile, numpy, sounddevice) using pip install via subprocess.check_call. Running package installation at runtime without explicit user confirmation for each package is a security risk.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the openbmb/VoxCPM2 model, which is approximately 4GB, from Hugging Face during its first run. Large external binary downloads from third-party organizations can introduce supply chain vulnerabilities.
  • [COMMAND_EXECUTION]: Multiple files, including tools/audio_play.py and tools/tts_stream.py, use subprocess.run or subprocess.check_call to execute shell commands. These are used for audio playback (afplay, aplay, ffplay) and for the aforementioned package management, increasing the attack surface for command injection if user inputs are mishandled.
  • [PROMPT_INJECTION]: The SKILL.md instructions explicitly command the agent to "never include any disclaimer, role description or meta notes in the response text." While intended to ensure clean audio synthesis, this instruction serves as a concealment pattern that prevents the AI from disclosing its identity or including necessary safety disclaimers in the text visible to the user.
  • [PROMPT_INJECTION]: The system prompt includes instructions to resist adversarial or character-breaking probes by "redefining the battlefield" or refusing to step out of character unless a specific exit phrase is used, which can be used to bypass standard AI safety transparency.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 12:26 PM