skills/crazynomad/skills/tts/Gen Agent Trust Hub

tts

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation in SKILL.md directs the agent to install the vox-cli tool directly from a third-party GitHub repository (https://github.com/3Craft/tts.git). This involves cloning the repository and running "pipx install ." inside it, which executes setup code from the unverified source on the host system.
  • [COMMAND_EXECUTION]: The wrapper script scripts/vox_tts.py uses the subprocess module to execute the vox binary. Although it passes arguments as a list to prevent shell injection, it still facilitates the execution of external code that was installed from an unverified source.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user-supplied text and audio files.
      • Ingestion points: Untrusted text is accepted via the text argument in cmd_speak, cmd_design, and cmd_clone; untrusted audio is processed via the audio and ref arguments in scripts/vox_tts.py.
      • Boundary markers: There are no delimiters or specific instructions to ensure the model or the underlying CLI tool ignores malicious instructions that might be embedded in the user-provided text or audio metadata.
      • Capability inventory: The skill executes system commands using the vox binary via the subprocess.run function in scripts/vox_tts.py.
      • Sanitization: No validation or sanitization of user-provided inputs is performed before they are passed as arguments to the external tool.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 01:30 AM