Audio Command Executor

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear audio-transcription purpose, but it needs review because it runs local tools on inbound file paths and treats audio-derived instructions like normal chat without clear safeguards.

Install only if the inbound audio directory is trusted and the runtime validates that files stay inside that directory, uses safe argv-style command execution, restricts inputs to the expected audio types, and asks before acting on sensitive commands spoken in audio.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Ssd 1

Medium
Confidence: 97%
Finding
The skill instructs the agent to treat transcribed audio 'as normal chat input' and answer resulting questions or instructions without any trust boundary or safety filtering. Because audio is an untrusted external input, an attacker can embed spoken prompt-injection content that manipulates agent behavior, elicits sensitive information, or triggers unsafe downstream actions if the broader system grants tool access.

VirusTotal

65/65 vendors flagged this skill as clean.
