chanjing-tts-voice-clone
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded authentication credentials are provided in the SKILL.md file for the Chanjing TTS service.
  - The instructions include a plain-text app_id ("84042cb5") and secret_key ("10cd5091fe6042dfb91ba01816a991e0") in the example body for the Get Access Token API. Hardcoding secrets in skill instructions is a dangerous practice that can lead to credential theft or service abuse.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from untrusted external sources.
  - Ingestion points: The skill accepts a user-provided url for reference audio in the Create Voice API and a text object for synthesis in the Create Speech Generation Task API.
  - Boundary markers: There are no instructions or delimiters defined to isolate user-provided text or external audio metadata from the agent's instructions, nor are there warnings to the agent to ignore embedded commands.
  - Capability inventory: The skill possesses network capabilities, performing GET and POST requests to the host open-api.chanjing.cc.
  - Sanitization: No sanitization, validation, or filtering of the input text or the content at the provided URL is performed before processing.
- [DATA_EXFILTRATION]: The skill transmits user-provided text and external audio URLs to a remote service (https://open-api.chanjing.cc). Although this is the intended functionality of the text-to-speech service, it establishes a communication path to a non-whitelisted domain that could be used to transmit sensitive information entered by the user.
Recommendations
- AI detected serious security threats