mira-voice-f5
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill hardcodes a Telegram Bot API token in the Step 3 bash command:
bot8750482121:AAEHLkNQc413zPtbFq5xVcj7Qr4D6Vcp84I. Hardcoding credentials in skill files exposes the token to any user or system interacting with the skill code. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute a multi-step process. Step 1 executes a Python script (mira_tts.py) with user-provided content passed as a direct shell argument:...python ... "要说的内容". This is a high-risk pattern for command injection if the input is not sanitized, as an attacker could use shell metacharacters to execute arbitrary commands. - [DATA_EXFILTRATION]: The skill exfiltrates audio data (derived from user conversations) to an external service (Telegram) using a specific hardcoded
chat_id(1981782453). While Telegram is a well-known service, sending data to a hardcoded destination outside of the user's control is a security concern. - [PROMPT_INJECTION]: The skill includes instructions to override the agent's built-in capabilities:
IMPORTANT: Forbidden to use built-in TTS tools(translated). This directive forces the AI to ignore its default safety or functional tools in favor of the potentially unsafe shell scripts provided by the skill.
Recommendations
- AI detected serious security threats
Audit Metadata