text-to-speech

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text input through CLI commands.
      • Ingestion points: External text data is accepted via the --input parameter in belt app run commands throughout SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the input text as data only, rather than instructions.
      • Capability inventory: The skill uses the Bash tool to execute belt commands, which can access network resources.
      • Sanitization: There is no visible sanitization of the input strings before they are passed to the shell environment via the CLI tool.
  • [COMMAND_EXECUTION]: The skill relies on the belt CLI tool to perform its primary functions.
      • Evidence: Multiple examples in SKILL.md demonstrate the use of belt app run to interact with remote TTS models.
  • [EXTERNAL_DOWNLOADS]: Fetches installation guidelines from the inference-sh public GitHub repository.
      • Evidence: References https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md for setup instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 02:15 AM
Security Audit — agent-trust-hub — text-to-speech