mira-voice-f5

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill hardcodes a Telegram Bot API token in the Step 3 bash command: bot8750482121:AAEHLkNQc413zPtbFq5xVcj7Qr4D6Vcp84I. Hardcoding credentials in skill files exposes the token to any user or system interacting with the skill code.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a multi-step process. Step 1 executes a Python script (mira_tts.py) with user-provided content passed as a direct shell argument: ...python ... "要说的内容". This is a high-risk pattern for command injection if the input is not sanitized, as an attacker could use shell metacharacters to execute arbitrary commands.
  • [DATA_EXFILTRATION]: The skill exfiltrates audio data (derived from user conversations) to an external service (Telegram) using a specific hardcoded chat_id (1981782453). While Telegram is a well-known service, sending data to a hardcoded destination outside of the user's control is a security concern.
  • [PROMPT_INJECTION]: The skill includes instructions to override the agent's built-in capabilities: IMPORTANT: Forbidden to use built-in TTS tools (translated). This directive forces the AI to ignore its default safety or functional tools in favor of the potentially unsafe shell scripts provided by the skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — mira-voice-f5