chanjing-tts-voice-clone

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API credentials, including app_id, secret_key, and access_token, by reading from and writing to a local configuration file at ~/.chanjing/credentials.json. This is standard practice for the vendor's credential management.
  • [COMMAND_EXECUTION]: The _auth.py script invokes subprocess.run to execute a local script from a sibling directory (chanjing-credentials-guard/scripts/open_login_page). This is used as an automated fallback to open a login page if credentials are missing.
  • [EXTERNAL_DOWNLOADS]: The skill makes several network requests using urllib.request to https://open-api.chanjing.cc. These requests are used to obtain access tokens, upload reference audio for voice cloning, and poll for the status of speech synthesis tasks.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes user-supplied text and URLs for TTS processing.
      • Ingestion points: User-provided text and url inputs in the create_task and create_voice scripts.
      • Boundary markers: None identified; input is interpolated directly into JSON request bodies.
      • Capability inventory: File system access (read/write credentials), subprocess execution (_auth.py), and network operations across all primary scripts.
      • Sanitization: The create_task script enforces a maximum length of 4000 characters for the input text.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 07:35 PM