speakturbo-tts
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior or bypass safety filters. The documentation focuses entirely on technical usage and performance metrics.
- Data Exposure & Exfiltration (SAFE): The skill operates locally on 127.0.0.1:7125. It does not access sensitive files (like SSH keys or cloud credentials) and does not send data to external third-party domains. The network activity is strictly limited to local communication between the CLI and the daemon.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The automated scan flagged a health check to the local daemon as a risk; however, manual review confirms this is a standard status check for a local service. Installation dependencies (pocket-tts, fastapi, uvicorn) are standard packages for the stated purpose. The skill includes an install.sh script that compiles the Rust binary from source, which is a transparent and acceptable installation method.
- Subprocess Execution (SAFE): Subprocess calls in cli.py and install.sh are used for starting the local daemon, playing audio via system utilities (afplay, aplay), and building the project. These actions are consistent with the skill's primary function as a TTS tool.
- Indirect Prompt Injection (SAFE): While the skill processes arbitrary text to generate speech, it does not execute the content of that text or use it in a way that could trigger downstream vulnerabilities. The data flow is unidirectional (Text -> Audio).
- Persistence & Privilege (SAFE): The skill does not install system services or cron jobs. The daemon includes an auto-shutdown feature that terminates the process after 1 hour of inactivity, demonstrating good resource management and a lack of persistence intent.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review