speech
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: A detailed security audit of the skill instructions and Python code revealed no malicious behavior, obfuscation, or unauthorized access attempts.
- [EXTERNAL_DOWNLOADS]: The skill relies on the 'openai' Python package, which is an official and trusted library for interacting with OpenAI's services.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: User-provided text and instructions processed in SKILL.md and scripts/text_to_speech.py. Boundary markers: No delimiters are used to wrap external content. Capability inventory: The skill makes network calls to the OpenAI API and writes audio files to the local disk. Sanitization: No sanitization is performed on input text, although the risk is limited to the synthesized audio.
- [CREDENTIALS_UNSAFE]: The skill handles 'OPENAI_API_KEY' through environment variables and includes explicit security warnings to users against sharing their API keys in chat sessions.
Audit Metadata