skills/aahl/skills/zai-tts/Gen Agent Trust Hub

zai-tts

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the uvx command-line utility to execute the zai-tts tool. This involves spawning subprocesses with parameters like {msg}, {tempdir}, and {filename}.
  • [EXTERNAL_DOWNLOADS]: The use of uvx implies that the zai-tts package is downloaded from an external registry (such as PyPI) and executed in an ephemeral environment at runtime.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it interpolates untrusted user input {msg} directly into a shell command string: uvx zai-tts -t "{msg}".
      • Ingestion points: User-provided text is captured in the {msg} variable and file paths are captured in {tempdir} and {filename}.
      • Boundary markers: While the variable is wrapped in double quotes, there is no evidence of shell-safe escaping or sanitization logic to prevent an attacker from using shell metacharacters (e.g., backticks, semicolons, or command substitution) to escape the string and execute arbitrary commands.
      • Capability inventory: The skill has the capability to execute shell commands and write files to the local system.
      • Sanitization: No sanitization or validation of the input variables is specified in the skill definition.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:02 PM