skill-kokoro-tts-tool

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the tool from the author's GitHub repository and uses an init command to fetch models from Hugging Face. These are legitimate operations for a local TTS engine.- [COMMAND_EXECUTION]: The skill documentation includes usage of a local CLI tool for text synthesis and shell completion setup using eval. These are standard practices for CLI utility integration.- [PROMPT_INJECTION]: The skill is designed to process untrusted text data from files or stdin for audio synthesis. This creates a data ingestion surface; however, the output (audio or WAV files) is not re-ingested as instructions by the agent, which prevents instruction override attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:28 AM
Security Audit — agent-trust-hub — skill-kokoro-tts-tool