skill-kokoro-tts-tool
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the tool from the author's GitHub repository and uses an
initcommand to fetch models from Hugging Face. These are legitimate operations for a local TTS engine.- [COMMAND_EXECUTION]: The skill documentation includes usage of a local CLI tool for text synthesis and shell completion setup usingeval. These are standard practices for CLI utility integration.- [PROMPT_INJECTION]: The skill is designed to process untrusted text data from files or stdin for audio synthesis. This creates a data ingestion surface; however, the output (audio or WAV files) is not re-ingested as instructions by the agent, which prevents instruction override attacks.
Audit Metadata