claude-speak
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local binaries (claude-speak-client and claude-speak-daemon) located within the user's home directory (~/Projects/claude-speak/). These commands are used to interact with a pre-installed text-to-speech system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (shell injection) because user-supplied content is interpolated directly into a shell command as an argument.
- Ingestion points: User-provided text intended for vocalization in SKILL.md commands.
- Boundary markers: None specified to distinguish between text data and shell control characters.
- Capability inventory: Execution of subprocesses via the command line.
- Sanitization: No escaping or validation of the input string is mentioned before it is passed to the shell.
Audit Metadata