tts
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands (`curl`, `jq`, `mkdir`, `echo`, `cat`, `rm`) to manage local configuration in `.listenhub/tts/config.json`, construct API request bodies, and handle the downloading of generated audio files.
- [EXTERNAL_DOWNLOADS]: Communicates with `https://api.marswave.ai` to perform text-to-speech synthesis and fetch speaker lists. These downloads are directed to the vendor's official API infrastructure and are necessary for the skill's functionality.
- [DATA_EXFILTRATION]: Transmits user-provided text and script content to the external Marswave AI API. This data transmission is the core function of the skill and is transparently documented in the instructions.
- [PROMPT_INJECTION]: The skill processes untrusted user text and script segments which are subsequently interpolated into JSON payloads and shell commands. While this presents an indirect prompt injection surface, it is a standard requirement for TTS services.
  - Ingestion points: User-supplied text and multi-speaker scripts in `SKILL.md` (Quick Mode and Script Mode).
  - Boundary markers: No specific delimiters or "ignore" instructions are defined for the input text when constructing shell commands.
  - Capability inventory: File system access (read/write config), network access (`curl`), and shell execution (`bash`, `jq`).
  - Sanitization: The instructions do not specify explicit sanitization or escaping mechanisms for the user input before it is passed to the API endpoints.
Audit Metadata