deepgram-js-text-to-speech
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by instructing users to manage credentials via environment variables (DEEPGRAM_API_KEY) using the dotenv library, preventing the accidental exposure of hardcoded secrets.- [EXTERNAL_DOWNLOADS]: The skill refers to official Deepgram documentation and provides an installation command for additional vendor-owned skills (npx skills add deepgram/skills). These resources originate from the verified vendor 'deepgram' and represent standard operational usage.- [PROMPT_INJECTION]: The skill establishes an interface for processing text input via the 'text' parameter in synthesis methods (Ingestion points: client.speak.v1.audio.generate and sendText). The capability inventory includes network operations to Deepgram's API endpoints. No specific boundary markers or sanitization logic are defined in the provided snippets. While this represents a surface for indirect prompt injection, it is considered a legitimate risk associated with the primary purpose of a text-to-speech tool and is classified as safe in this context.
Audit Metadata