text-to-speech
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documented examples of using
curl,jq, andffmpegto interact with its synthesis API and manipulate audio files, which are standard utilities for this use case. - [DATA_EXFILTRATION]: Network communication is directed to the vendor's synthesis endpoint (
$API_URL). Authentication is managed via context-provided variables ($AUTH_TOKEN), avoiding hardcoded credentials. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted text for audio synthesis.
- Ingestion points: The
textandinstructionsparameters inSKILL.mdaccept external content. - Boundary markers: No explicit delimiters are used to wrap the input text.
- Capability inventory: The skill uses
curlto transmit data to the external API. - Sanitization: No specific sanitization or filtering of the input text is described.
Audit Metadata