gemini-tts
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The core functionality is implemented in
scripts/tts.py, which is designed to be executed as a subprocess or CLI tool.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) through its input parameters.\n - Ingestion points: The
textargument and the--output-dirparameter inscripts/tts.pyaccept untrusted data.\n - Boundary markers: The script does not utilize boundary markers or instructions to isolate the input text from the agent's internal logic.\n
- Capability inventory: The script has capabilities to create directories, write WAV files to the local disk, and make outbound network connections to Google's API.\n
- Sanitization: There is no validation or sanitization of the
output_dirpath, which could allow for writing files outside the intended 'audio/' directory if path traversal sequences are provided.
Audit Metadata