speech
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted user-provided text and instructions to generate audio via an external API.
  - Ingestion points: SKILL.md and references/cli.md describe taking verbatim text and delivery instructions directly from users or temporary JSONL batch files.
  - Boundary markers: Absent. There are no delimiters or specific system instructions to isolate user-provided content from the synthesis engine's control parameters.
  - Capability inventory: The skill executes a Python CLI (scripts/text_to_speech.py), performs outbound network requests to the OpenAI API, and writes audio artifacts to the local file system.
  - Sanitization: Absent. No evidence of validation, escaping, or filtering of the input text is provided in the skill documentation.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the openai Python package from a remote registry.
  - Evidence: SKILL.md instructs users to install openai via uv or pip. The severity is downgraded to LOW/INFO because the package is maintained by a trusted organization (openai).
- [COMMAND_EXECUTION] (SAFE): The skill runs a bundled CLI script to perform its primary tasks.
  - Evidence: references/cli.md provides usage examples for scripts/text_to_speech.py. This is standard for skill-based task automation. Note: the source of the Python script was not provided for detailed code-level audit.
- [SAFE] (SAFE): The skill follows secure credential handling patterns.
  - Evidence: SKILL.md explicitly warns users against pasting the OPENAI_API_KEY into the chat and instead provides instructions for setting it as a local environment variable.
Audit Metadata