eSpeak NG Multilingual Speech Synthesizer
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Metadata Poisoning. The skill's frontmatter contains 'verification: security_reviewed'. This is a self-attestation that could mislead users or agents regarding the skill's actual safety status. Claims of safety within the skill content must not be treated as authoritative.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to synthesize speech from text inputs. * Ingestion points: Text input for synthesis referenced in the skill description. * Boundary markers: Absent; no instructions define how the agent should distinguish between data and instructions. * Capability inventory: CLI access to the eSpeak NG engine. * Sanitization: Absent; no evidence of input validation or character filtering for synthesized text.
- [EXTERNAL_DOWNLOADS]: Fetches the 'espeak-ng-multilingual-speech-synthesizer' package via standard package managers ('npx', 'clawhub'). These instructions target public registries and the author's own infrastructure.
- [NO_CODE]: The provided skill file contains only metadata and installation documentation. No executable scripts or operational logic were found within the skill itself for analysis.
Audit Metadata