ez-tts
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses a sensitive configuration file at
~/.envvia theload_envfunction inscripts/tts.py. This file often contains credentials for various services, and reading it from the home directory constitutes a data exposure risk. - [COMMAND_EXECUTION]: Executes the
ffmpegCLI tool usingsubprocess.runto convert WAV files to OGG format. The implementation correctly uses an argument list which mitigates shell injection risks. - [EXTERNAL_DOWNLOADS]: Fetches AI models from Hugging Face, a well-known service, when
TTSModel.load_model()is called. These downloads are necessary for the primary function of the skill. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection where untrusted text input could influence agent behavior if the output is processed by other skills.
- Ingestion points: The
textargument inscripts/tts.pyaccepts arbitrary strings for speech generation. - Boundary markers: Absent; no delimiters are used to wrap or isolate the processed text input.
- Capability inventory: File system writing, subprocess execution (
ffmpeg), and network access for model downloads. - Sanitization: No sanitization or validation is applied to the input text before processing.
Audit Metadata