Skills
NYC
skills/aahl/skills/edge-tts/Gen Agent Trust Hub

edge-tts

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses the uvx tool to download and execute the edge-tts package from PyPI at runtime. While PyPI is a standard registry, fetching unversioned packages introduces a risk of dependency drift or supply chain interference.
  • COMMAND_EXECUTION (LOW): The skill templates shell commands using the {msg} and {filename} variables. This represents an indirect prompt injection surface where a malicious user could potentially execute arbitrary commands if the agent framework does not adequately escape shell arguments.
  • Ingestion points: {msg}, {filename}, and {tempdir} variables within the shell command usage blocks.
  • Boundary markers: No shell-specific boundary markers, delimiters, or escaping instructions are present in the command templates.
  • Capability inventory: The skill executes shell commands using the system's subprocess runner.
  • Sanitization: No explicit sanitization, validation, or escaping logic is defined in the skill file.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:56 PM