The Agent Skills Directory

[CREDENTIALS_UNSAFE] (MEDIUM): The skill requires a Home Assistant 'Long-Lived Access Token' (HASS_TOKEN) for authentication. This token is passed via curl headers in the play-tts.sh script. On multi-user systems, command-line arguments (including headers) can potentially be visible to other users via process monitoring tools like ps.
[COMMAND_EXECUTION] (MEDIUM): The play-tts.sh script starts a local HTTP server using python3 -m http.server. This server is unauthenticated and serves all files within the TTS_DIR directory to any device on the local network. If sensitive files (such as .env containing the HASS_TOKEN or private voice samples) are stored in or above this directory, they could be accessed by unauthorized parties.
[EXTERNAL_DOWNLOADS] (LOW): The Python script tts_sample.py uses the modelscope library to download the Qwen3-TTS model weights from external repositories. While this is expected behavior for an AI skill, it involves downloading and executing logic from external binary sources.
[PROMPT_INJECTION] (LOW): The skill ingests arbitrary user text to determine the 'emotion' of the generated speech through keyword matching in tts_sample.py. While this presents an indirect prompt injection surface, the impact is limited to modifying non-critical TTS parameters and does not lead to command execution or safety bypass.

homepod-tts