minimax-tts
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
ffmpegutility to transcode audio from MP3 to OGG/Opus. The command uses generated UUIDs for filenames to prevent local file collisions. - [EXTERNAL_DOWNLOADS]: Fetches audio content from the MiniMax API (
api.minimax.chat) and transmits voice messages via the Telegram Bot API (api.telegram.org). Both are recognized, well-known services. - [PROMPT_INJECTION]: The skill processes untrusted text input for speech synthesis, creating an indirect prompt injection surface.
- Ingestion points: The
textparameter of thespeakfunction. - Boundary markers: No specific delimiters are used to wrap the input text in the API payload.
- Capability inventory: The skill has network access (requests), subprocess execution (ffmpeg), and local file system write permissions.
- Sanitization: Implements basic filtering by removing Markdown formatting and replacing URLs, though robust sanitization for downstream components is not explicitly detailed.
Audit Metadata