speak-with-profile
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [SAFE]: The skill implements a transparent and documented workflow for processing speech tasks, including strict validation of voice settings and mandatory disclosure of AI-synthesized content.
- [COMMAND_EXECUTION]: The script scripts/speak_with_profile.py utilizes subprocess.run to call a local TTS engine and audio playback tools (open, afplay). The implementation correctly uses argument lists rather than shell strings, effectively mitigating shell injection risks.
- [PROMPT_INJECTION]: The skill processes user-provided text through the --text and --text-file arguments. While this represents a surface for indirect prompt injection, the skill's capabilities are restricted to audio synthesis and local playback, presenting minimal risk of system compromise. Evidence: (1) Ingestion: scripts/speak_with_profile.py reads data from file paths or strings; (2) Boundary markers: Absent; (3) Capability inventory: Subprocess calls to a local TTS script and playback utilities; (4) Sanitization: Type and length validation are present, but content-level sanitization is absent.
Audit Metadata