Skills
skills/noizai/skills/tts/Gen Agent Trust Hub

tts

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads reference audio files from noiz.ai and storage.googleapis.com for voice synthesis. It also enables downloading audio from user-specified URLs for voice cloning purposes.
  • [COMMAND_EXECUTION]: Employs subprocess to execute ffmpeg, ffprobe, and kokoro-tts for tasks such as audio rendering, segment duration analysis, and local voice synthesis. It also attempts to call system audio players (afplay, aplay, paplay) for direct playback.
  • [PROMPT_INJECTION]: The skill ingests untrusted text and SRT data which is used for TTS synthesis and media assembly, presenting an indirect prompt injection surface.
  • Ingestion points: tts.py (text strings and text files), render_timeline.py (SRT subtitle files and JSON voice maps).
  • Boundary markers: None; input text is processed as raw content for audio generation.
  • Capability inventory: Execution of ffmpeg and kokoro-tts via subprocess; network communication with noiz.ai endpoints.
  • Sanitization: Input content is used for synthesis without explicit sanitization or filtering logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 10:32 PM