local-tts
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The file docs/setup.md instructs users to install the uv tool by executing curl -LsSf https://astral.sh/uv/install.sh | sh. This pattern pipes a remotely fetched script straight into the user's shell: nothing is saved, inspected, or checked against a published hash or signature before it runs, so whatever the server returns at that moment executes with the user's full privileges. A compromised origin, or a script replaced after the docs were written, goes undetected.
- Unverifiable Dependencies & Remote Code Execution (HIGH): On first run the skill downloads and executes model weights and code from Hugging Face (mlx-community/Kokoro-82M-bf16) and other sources (spaCy, espeak-ng). None of these assets is pinned to a specific revision or verified against a known hash, so if any of the remote repositories is compromised the skill silently pulls and uses the tampered artifacts (a supply-chain attack).
- Data Exposure & Exfiltration (LOW): The script scripts/generate_audio.py has broad file system access: it reads any text file named by the --file argument and writes audio output to any path given by --output. No network exfiltration path was found, so the exposure is limited to what a caller passes as arguments.
- Indirect Prompt Injection (LOW):
  - Ingestion points: Ingests untrusted text via CLI arguments or local files in scripts/generate_audio.py.
  - Boundary markers: Absent. The text is passed directly to the ML model.
  - Capability inventory: File system read/write, audio processing. No network exfiltration or command execution found in the core processing logic.
  - Sanitization: None. The skill assumes the input text is safe for processing.
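The two download findings above share one remedy: fetch the artifact to disk, compare it against a hash pinned in the repository, and only then execute or load it. The following is an added example written for this audit, not code from the local-tts skill or from uv. The installer script, the model file and the pinned hashes are constructed stand-ins served over file:// so the example runs offline; for the real uv installer a maintainer would pin the hash of a specific published release, and for the Hugging Face model the equivalent is pinning the revision argument of huggingface_hub's snapshot_download to a specific commit and then checking the downloaded files against a manifest as shown here.

```python
"""Added example (not code from the local-tts skill): download-then-verify in
place of `curl ... | sh`, and a pinned-hash manifest check for model weights."""
import hashlib
import os
import subprocess
import tempfile
import urllib.request


class IntegrityError(Exception):
    """Raised when a downloaded artifact does not match its pinned SHA-256."""


def sha256_file(path, chunk_size=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def fetch_verified(url, expected_sha256, dest_dir):
    """Download url into dest_dir; return the path only if the hash matches.
    A mismatch deletes the file before raising, so nothing unverified is left
    on disk for a later step to run or load."""
    name = os.path.basename(url.rstrip("/")) or "download"
    dest = os.path.join(dest_dir, name)
    with urllib.request.urlopen(url) as resp, open(dest, "wb") as out:
        for block in iter(lambda: resp.read(1 << 20), b""):
            out.write(block)
    actual = sha256_file(dest)
    if actual != expected_sha256.lower():
        os.remove(dest)
        raise IntegrityError(f"{url}: expected {expected_sha256}, got {actual}")
    return dest


def run_verified_installer(url, expected_sha256):
    """Hardened form of `curl -LsSf URL | sh`: fetch to disk, verify, then run.
    Returns the installer's stdout."""
    with tempfile.TemporaryDirectory() as tmp:
        script = fetch_verified(url, expected_sha256, tmp)
        proc = subprocess.run(["sh", script], check=True, capture_output=True, text=True)
        return proc.stdout


def verify_manifest(base_dir, manifest):
    """Check local artifacts against a pinned manifest {relative_path: sha256}.
    Returns a list of problems; an empty list means every pinned file is
    present and intact."""
    problems = []
    for rel, expected in manifest.items():
        path = os.path.join(base_dir, rel)
        if not os.path.exists(path):
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != expected.lower():
            problems.append(f"hash mismatch: {rel}")
    return problems


def demo():
    """Constructed sample: a local stand-in for the remote installer and for a
    weights file, served over file:// so the example runs offline.
    Returns the observed outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as remote:
        # Harmless stand-in for the real installer script (constructed input).
        installer = os.path.join(remote, "install.sh")
        with open(installer, "w") as fh:
            fh.write("#!/bin/sh\necho installed-ok\n")
        pinned = sha256_file(installer)           # the hash a maintainer would publish
        url = "file://" + installer

        results["installer_output"] = run_verified_installer(url, pinned).strip()
        try:
            run_verified_installer(url, "0" * 64)  # wrong pin: must refuse to run
            results["tampered_rejected"] = False
        except IntegrityError:
            results["tampered_rejected"] = True

        # Model weights pinned by hash, then tampered with after download.
        weights = os.path.join(remote, "model.bin")
        with open(weights, "wb") as fh:
            fh.write(b"\x00\x01constructed-weights")
        manifest = {
            "model.bin": sha256_file(weights),
            "config.json": "0" * 64,              # pinned but never downloaded
        }
        results["before_tamper"] = verify_manifest(remote, manifest)
        with open(weights, "ab") as fh:
            fh.write(b"tampered")
        results["after_tamper"] = verify_manifest(remote, manifest)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file executes the stand-in installer only when its hash matches the pin, refuses it on a mismatch, and reports the missing and tampered entries of the manifest. The same fetch_verified call replaces the curl pipeline in docs/setup.md once a pinned hash is recorded in the repository.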
Recommendations
- AI detected serious security threats
Audit Metadata