edge-tts
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating user-provided text ({msg}) directly into the uvx edge-tts command. This pattern is vulnerable to shell injection if the input contains characters like semicolons, pipes, or backticks, potentially allowing execution of unauthorized code.
- [EXTERNAL_DOWNLOADS]: The skill utilizes uvx to fetch and execute the edge-tts package from the Python Package Index (PyPI), a well-known and standard package registry. This download is necessary for the skill's primary function and follows standard package management practices.
Audit Metadata