skills/openai/skills/speech/Gen Agent Trust Hub

speech

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes user-supplied text for audio generation, which represents a surface for indirect prompt injection.
      • Ingestion points: User text is accepted via the '--input' argument or through JSONL batch files in 'scripts/text_to_speech.py'.
      • Boundary markers: The skill recommends reformatting directions into a labeled spec template, providing a degree of isolation from the main input.
      • Capability inventory: The skill calls the OpenAI API over the network and writes output files to the local 'output/speech/' directory.
      • Sanitization: No explicit sanitization or filtering of the input text for malicious instructions is described.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill requires the 'openai' Python package. Evidence: 'SKILL.md' and 'references/cli.md' instruct the user to install this package. Mitigation: 'openai' is a trusted library from a recognized organization (OpenAI), which downgrades the severity to LOW per the [TRUST-SCOPE-RULE].
  • [Privilege Escalation] (LOW): The file 'references/codex-network.md' provides instructions on how to disable security approval prompts in the Codex environment by setting 'approval_policy' to 'never'. This is a best-practice violation that encourages users to weaken their security posture for convenience.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:56 PM