windows-tts

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill runs user-supplied text inside a PowerShell -Command string without escaping $ or PowerShell subexpressions, which allows arbitrary PowerShell expression evaluation/command execution (file reads, environment access, etc.) when say.sh or --voice input is attacker-controlled, so it presents a high-risk local code-injection/RCE and data-exposure vulnerability.