edge-tts
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text input, creating a surface for indirect prompt injection.
  - Ingestion points: The `text` argument in `scripts/tts-converter.js` accepts arbitrary strings from the agent's context for audio conversion.
  - Boundary markers: The skill does not implement delimiters or specific instructions to isolate the input text from the agent's control flow or prevent it from interpreting instructions.
  - Capability inventory: The script performs file writes to the local system (audio and subtitle JSON) and initiates network requests to the Microsoft Edge TTS API (File: scripts/tts-converter.js).
  - Sanitization: Input text is filtered for keyword triggers (e.g., 'tts') to avoid audio repetition but is not sanitized for malicious embedded instructions.
- [EXTERNAL_DOWNLOADS]: Downloads required dependencies including `node-edge-tts` and `commander` from the official npm registry during installation.
- [COMMAND_EXECUTION]: Executes shell commands via `npm install` and Node.js scripts to perform audio conversion and manage user configurations (Files: install.sh, scripts/package.json).
- [DATA_EXFILTRATION]: Transmits user-provided text to Microsoft's well-known neural TTS service for audio processing. This is an expected and legitimate operation for the skill's primary purpose.
Audit Metadata