tts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly states "Models are downloaded from HuggingFace on first use (~1-3 GB)", so the skill fetches public third-party models (hosted on a user-contributed platform) that are loaded and used at runtime for inference, meaning untrusted model content could influence generated transcripts/audio and thus agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime install instructions (see Claude Integration step) explicitly run "git clone https://github.com/3Craft/tts.git /tmp/vox-tts" followed by "cd /tmp/vox-tts && pipx install .", which fetches and installs remote code the skill requires (the vox CLI) and therefore executes third-party code from that URL.