ai-voice-cloning
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash(belt *)` tool to execute shell commands for interacting with the inference.sh platform. This allows for powerful audio processing but requires trust in the underlying CLI tool.
- [EXTERNAL_DOWNLOADS]: The skill references external resources for installation and model execution, including code and configurations hosted on `inference.sh` and GitHub repositories. These are standard for platform integration but involve external dependencies.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data.
  - Ingestion points: User-supplied text is interpolated into JSON payloads within shell commands (e.g., the `prompt` and `text` fields in `SKILL.md`).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content embedded within the text to be synthesized.
  - Capability inventory: The skill leverages command execution capabilities via the `belt` CLI to perform network-based AI inference.
  - Sanitization: The instructions do not include methods for escaping or validating the content of the user-provided text before it is passed to the shell environment.
Audit Metadata