text-to-speech

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides documented examples of using curl, jq, and ffmpeg to interact with its synthesis API and manipulate audio files, which are standard utilities for this use case.
  • [DATA_EXFILTRATION]: Network communication is directed to the vendor's synthesis endpoint ($API_URL). Authentication is managed via context-provided variables ($AUTH_TOKEN), avoiding hardcoded credentials.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted text for audio synthesis.
  • Ingestion points: The text and instructions parameters in SKILL.md accept external content.
  • Boundary markers: No explicit delimiters are used to wrap the input text.
  • Capability inventory: The skill uses curl to transmit data to the external API.
  • Sanitization: No specific sanitization or filtering of the input text is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 02:11 PM
Security Audit — agent-trust-hub — text-to-speech