Skills
skills/chanjing-ai/chan-skills/chanjing-tts/Gen Agent Trust Hub

chanjing-tts

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes hardcoded authentication credentials for the Chanjing TTS API within the Obtain AccessToken section of SKILL.md.\n
  • Evidence: The JSON request body specifies a literal app_id ("84042cb5") and secret_key ("10cd5091fe6042dfb91ba01816a991e0").\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its handling of user-provided text for speech synthesis.\n
  • Ingestion points: The text field in the Create Speech API call (SKILL.md).\n
  • Boundary markers: Absent. No delimiters or instructions are provided to help the agent distinguish between text to be synthesized and potential malicious instructions.\n
  • Capability inventory: The skill performs outbound network requests to open-api.chanjing.cc (SKILL.md).\n
  • Sanitization: Absent. The instructions do not define any validation or escaping for the input text before transmission to the external API.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 03:40 AM