skills/google-gemini/gemini-managed-agents-templates/tts-generation/Snyk

tts-generation

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). The runtime reads {workspace}/data/script.md and sends the parsed outsider-authored script text (speaker turns) as free-form prompt input to the Gemini Interactions API (client.interactions.create(... input=prompt ...)), so any non-user-authored script content becomes LLM context (indirect prompt injection risk).

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 18, 2026, 06:58 AM

Issues

1

Security Audit — snyk — tts-generation