skills/emzod/speak/speak-tts/Gen Agent Trust Hub

speak-tts

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's setup process (found in src/python/embedded.ts) automatically downloads a pre-compiled Python distribution from github.com/indygreg/python-build-standalone. While this is a common source for standalone runtimes, the organization is not in the trusted list, and the binary is extracted and executed locally.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The src/python/setup.ts file uses pip to install several machine learning and audio libraries (mlx-audio, mlx-lm, scipy, sounddevice, librosa, einops). Installation of external packages from unverified sources poses a risk of supply chain attacks.
  • [COMMAND_EXECUTION] (LOW): The skill interacts with system utilities such as sox for audio concatenation and afplay (on macOS) for playback using spawn and spawnSync with array-based arguments. This pattern is generally resistant to command injection, though it does grant the agent the ability to execute these specific tools on the local system.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
      • Ingestion points: The skill reads local markdown and text files for conversion to audio.
      • Boundary markers: It uses basic markdown stripping logic in src/core/markdown.ts but lacks rigorous boundary enforcement for user-provided data.
      • Capability inventory: The skill can write files, execute Python scripts, and play audio.
      • Sanitization: Content is cleaned of markdown syntax before being passed to the TTS engine, which reduces the risk of the engine attempting to interpret instructions, but the primary risk remains the agent's interpretation of the skill's outputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:38 PM