edge-tts
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
edge-ttspackage viauvorpip. This is a well-known community library used to access Microsoft Edge's public TTS API. - [COMMAND_EXECUTION]: The skill provides a PowerShell script,
Say.ps1, which executes theedge-ttsandedge-playbackcommand-line tools. These executions are handled using standard PowerShell call operators and are consistent with the skill's stated purpose of providing a TTS CLI wrapper. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to process and synthesize untrusted text input into audio.
- Ingestion points: Untrusted data enters the agent context through the
$Textparameter and pipeline input in theSay.ps1file. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the text are present.
- Capability inventory: The skill's scripts utilize subprocess calls via the PowerShell call operator (
&) to run theedge-ttsandedge-playbackbinaries. - Sanitization: There is no evidence of input sanitization or filtering for the text passed to the synthesis engine.
Audit Metadata