qwen3-tts-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface identified in the text-to-speech processing pipeline. Ingestion points: Untrusted user-provided text is ingested via the
dubbing-skills/scripts/prepare_dubbing.pyscript and the AI instructions indubbing-skills/SKILL.md. Boundary markers: Absent. The instructions lack explicit delimiters or 'ignore' directives to prevent the LLM from executing instructions embedded within the text segments. Capability inventory: The skill provides capabilities for local script execution viauv runand file system writes for audio and JSON output. Sanitization: Absent. No input validation or filtering is applied to the input text before it is analyzed by the AI. - [EXTERNAL_DOWNLOADS] (LOW): The skill's documentation and examples reference external resources including AI model weights hosted on Hugging Face (
Qwen/Qwen3-TTS...) and reference audio files on Alibaba Cloud OSS. While these sources are not in the predefined 'trusted' list, they are necessary for the primary functionality of a TTS skill and do not involve remote script execution.
Audit Metadata