edge-tts
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements text-to-speech conversion using the legitimate
node-edge-ttsnpm package, which interfaces with Microsoft Edge's public TTS API. No malicious patterns or obfuscation were detected in the source code. - [EXTERNAL_DOWNLOADS]: During installation, the skill downloads the
node-edge-ttsandcommanderpackages from the official npm registry. These are well-known libraries for TTS and CLI argument parsing respectively. - [COMMAND_EXECUTION]: The skill provides local Node.js scripts (
tts-converter.jsandconfig-manager.js) to handle conversion and management of user preferences. These scripts are executed within the local environment to generate audio files and manage settings in a local JSON file. - [PROMPT_INJECTION]: The skill processes user-provided text for speech synthesis. While this presents an indirect prompt injection surface where a malicious input might attempt to influence the agent via the generated audio, the impact is limited to the primary function of the skill (audio output) and is handled through standard tool invocation.
Audit Metadata