text-to-speech
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
edge-ttsPython library and several Node.js packages includingws,fs-extra, and@modelcontextprotocol/sdkto manage WebSocket connections and file operations. - [DATA_EXFILTRATION]: The skill transmits text content from local documents to a Microsoft-owned WebSocket endpoint (
speech.platform.bing.com) for audio synthesis. This transmission is a core requirement of the skill's stated purpose and utilizes a well-known service. - [PROMPT_INJECTION]: The skill implements an attack surface for indirect prompt injection by processing arbitrary text from markdown and code files.
- Ingestion points: The skill reads local markdown documents, code files, and user-selected text as input for synthesis.
- Boundary markers: The documentation does not indicate the use of specific delimiters or system instructions to ignore potential commands embedded within the text files being processed.
- Capability inventory: The skill utilizes file system read/write capabilities (via
fs-extra) and maintains active network communication (viaws). - Sanitization: While the skill performs text preprocessing to strip markdown syntax and convert symbols into natural speech, it does not include sanitization designed to filter or neutralize malicious instructions found in the source data.
Audit Metadata