TTS
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The script imports 'z-ai-web-dev-sdk', which is not a verified or trusted repository according to security policy. This represents a dependency risk where the SDK's behavior cannot be guaranteed.
- COMMAND_EXECUTION (LOW): The skill performs file system writes using 'fs.writeFileSync'. While the provided example uses a hardcoded path, the pattern poses a risk of arbitrary file write if the output path is dynamically influenced by an agent or user input.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: The 'text' parameter in the 'main' function (tts.ts). 2. Boundary markers: Absent; untrusted text is passed directly to the SDK. 3. Capability inventory: File system write access via 'fs.writeFileSync' (tts.ts). 4. Sanitization: No sanitization or validation is performed on the input text.
Audit Metadata