iflytek-voiceclone-tts
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided audio recordings and text to iFlytek's remote infrastructure (opentrain.xfyousheng.com and cn-huabei-1.xf-yun.com). This is the primary function of the skill but involves handling sensitive biometric data.
- [DATA_EXFILTRATION]: The WebSocket implementation in scripts/voiceclone.py explicitly disables SSL/TLS certificate verification by setting ssl.CERT_NONE. This makes the connection vulnerable to Man-in-the-Middle (MitM) attacks, potentially allowing for the interception of voice data.
- [DATA_EXFILTRATION]: The script uses the MD5 hashing algorithm for authentication and request signing. MD5 is considered cryptographically weak and is a deprecated security practice.
- [PROMPT_INJECTION]: The skill processes untrusted input and exhibits a surface for indirect prompt injection.
- Ingestion points: External audio files and text are processed via CLI arguments (--audio, --file, --text) and stdin in scripts/voiceclone.py.
- Boundary markers: None are implemented to distinguish between control instructions and user data.
- Capability inventory: The script performs file reading, file writing (audio output), and network operations via HTTP and WebSockets.
- Sanitization: No validation or sanitization is performed on user-supplied text before synthesis.
Audit Metadata