
VoiceGoat – A Vulnerable Voice Agent for Practicing LLM Attack Techniques
Cybersecurity, Vulnerabilities, LLM Attacks, CTF Challenges, Docker, Prompt Injection, Security Testing, Voice Agent
VoiceGoat is a deliberately vulnerable voice agent designed for testing LLM attack techniques. It runs in Docker Compose with three main services: VoiceBank (prompt injection vulnerabilities), VoiceAdmin (excessive agency risks), and VoiceRAG (vector/embedding weaknesses). It includes CTF-style flags at varying difficulty levels, with hard flags requiring chained exploits. The tool uses a mock LLM by default but supports integration with OpenAI, Bedrock, Ollama, or other OpenAI-compatible providers, as well as Twilio for phone-based attacks.