noizai-voice-workflow

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses 'npx' to download and add resources from the 'NoizAI/skills' GitHub repository, which is not a trusted source. This allows for the installation of unverifiable code at runtime.
  • [COMMAND_EXECUTION]: The skill executes shell commands, including 'npx' and 'bash' scripts such as 'speak.sh'. Executing scripts from an untrusted external source presents a significant security risk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing arbitrary text for voice generation.
      • Ingestion points: Text input for TTS rendering in 'SKILL.md'.
      • Boundary markers: None present.
      • Capability inventory: Executes bash scripts and shell commands.
      • Sanitization: No sanitization or input validation mechanisms were found.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 11:22 AM