minimax-tts

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the ffmpeg utility to transcode audio from MP3 to OGG/Opus. The command uses generated UUIDs for filenames to prevent local file collisions.
  • [EXTERNAL_DOWNLOADS]: Fetches audio content from the MiniMax API (api.minimax.chat) and transmits voice messages via the Telegram Bot API (api.telegram.org). Both are recognized, well-known services.
  • [PROMPT_INJECTION]: The skill processes untrusted text input for speech synthesis, creating an indirect prompt injection surface.
  • Ingestion points: The text parameter of the speak function.
  • Boundary markers: No specific delimiters are used to wrap the input text in the API payload.
  • Capability inventory: The skill has network access (requests), subprocess execution (ffmpeg), and local file system write permissions.
  • Sanitization: Implements basic filtering by removing Markdown formatting and replacing URLs, though robust sanitization for downstream components is not explicitly detailed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — minimax-tts