skills/skill-zero/s/ai-voice-cloning/Gen Agent Trust Hub

ai-voice-cloning

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash(belt *) tool to execute shell commands for interacting with the inference.sh platform. This allows for powerful audio processing but requires trust in the underlying CLI tool.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for installation and model execution, including code and configurations hosted on inference.sh and GitHub repositories. These are standard for platform integration but involve external dependencies.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data.
  • Ingestion points: User-supplied text is interpolated into JSON payloads within shell commands (e.g., the prompt and text fields in SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content embedded within the text to be synthesized.
  • Capability inventory: The skill leverages command execution capabilities via the belt CLI to perform network-based AI inference.
  • Sanitization: The instructions do not include methods for escaping or validating the content of the user-provided text before it is passed to the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 12:07 AM
Security Audit — agent-trust-hub — ai-voice-cloning