skills/agents365-ai/365-skills/ttsCN/Gen Agent Trust Hub

ttsCN

Warn

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses the subprocess module to execute system commands for audio processing. Scripts including azure.py, baidu.py, cosyvoice.py, doubao.py, edge.py, minimax.py, tencent.py, and xunfei.py call ffmpeg to concatenate audio chunks and resample files, and ffprobe to extract duration metadata. The SKILL.md also instructs the agent to use the open command to launch a local HTML document in the user's browser.\n- [REMOTE_CODE_EXECUTION]: The skill utilizes dynamic code loading to initialize backend-specific logic. In scripts/backends/__init__.py, the init_backend and get_synthesize_func functions use __import__ and import_module with module paths determined by configuration data in data/providers.json. This approach allows the skill to load only the necessary provider implementations at runtime based on user selection.\n- [EXTERNAL_DOWNLOADS]: The skill depends on various external Python SDKs and libraries to interact with TTS provider APIs. It references packages such as edge-tts, dashscope, azure-cognitiveservices-speech, tencentcloud-sdk-python-tts, baidu-aip, and websocket-client. These dependencies are sourced from established tech organizations including Microsoft, Alibaba, Tencent, Baidu, and ByteDance, and are used solely for fulfilling the primary TTS synthesis purpose.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 8, 2026, 04:39 PM
Security Audit — agent-trust-hub — ttsCN