talktomepy-tts
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for local operations and implements high-quality sanitization and validation patterns.- [COMMAND_EXECUTION]: The core logic in scripts/speak_with_talktomepy.sh uses system tools like curl and afplay. All user-supplied inputs are double-quoted and handled safely through Python subprocesses, preventing command injection.- [DATA_EXFILTRATION]: The skill interacts with a local text-to-speech service at a configurable endpoint. It does not access sensitive files or transmit data to unauthorized external locations.- [PROMPT_INJECTION]: The skill ingests user text through the --text and --instruct flags. It mitigates indirect prompt injection and schema confusion risks by using an internal Python script to safely encode these inputs into a JSON payload, ensuring the data is correctly escaped before processing.
Audit Metadata