text-to-speech
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses the vendor's official
infshCLI to perform text-to-speech operations. - [COMMAND_EXECUTION]: The skill executes
infshcommands to interact with various audio models (Kokoro, DIA TTS, etc.). These commands are used as intended for the skill's primary function and do not involve unauthorized privilege escalation or dangerous shell operations. - [EXTERNAL_DOWNLOADS]: External links and image assets point to the official
inference.shandcloud.inference.shdomains, which are controlled by the skill's vendor. - [INDIRECT_PROMPT_INJECTION]: The skill processes text input to generate audio. While this is an ingestion point for external data, the output (audio files) does not create an immediate execution risk for the agent itself. Standard boundary markers should be used by the agent when interpolating untrusted text into the
--inputparameters.
Audit Metadata