skills/segudev/voice-skill/voice/Gen Agent Trust Hub

voice

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The speak.sh script evaluates the POCKET_TTS_PLAYER environment variable without shell quoting. While intended to allow for command-line arguments (e.g., flags for a media player), this creates a vector for command injection if the environment variable is set to a malicious string.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and behavior indicate that it downloads external model and voice assets during its initial execution.
  • [COMMAND_EXECUTION]: The script initiates a background server process using nohup when 'voice mode' is enabled, which persists in the system's background until explicitly stopped or the environment is reset.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 01:27 PM
Security Audit — agent-trust-hub — voice