Skills
skills/terrylica/cc-skills/voice-quality-audition/Gen Agent Trust Hub

voice-quality-audition

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs local shell scripts (kokoro-install.sh, tts_kokoro_audition.sh) to manage the TTS engine, perform health checks, and execute voice auditions.
  • [EXTERNAL_DOWNLOADS]: The instructions for installing or upgrading the Kokoro engine and models via kokoro-install.sh indicate the retrieval of software and assets from external sources.
  • [PROMPT_INJECTION]: The skill includes a 'Self-Evolving' section that instructs the agent to autonomously modify the SKILL.md file and its reference documentation to correct errors or update parameters based on runtime experience.
  • [PROMPT_INJECTION]: The skill ingests untrusted text data from the macOS clipboard (pbpaste) for use as an audition passage, which could contain malicious instructions.
  • Ingestion points: Phase 2 and Phase 3 describe reading passage text from the system clipboard.
  • Boundary markers: No delimiters or safety instructions are provided to the agent to isolate or ignore potentially malicious content within the clipboard text.
  • Capability inventory: The agent utilizes Bash, Read, and Glob tools while processing the untrusted clipboard data.
  • Sanitization: There is no description of sanitization, validation, or filtering of the clipboard content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 03:18 AM