sherpa-onnx-tts
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads pre-compiled binary runtimes and voice models from the k2-fsa/sherpa-onnx repository on GitHub during the installation process for multiple operating systems.
- [REMOTE_CODE_EXECUTION]: The skill executes the downloaded 'sherpa-onnx-offline-tts' binary at runtime. The executable and its dependencies are loaded from a dynamically constructed path based on environment variables or user-provided flags.
- [COMMAND_EXECUTION]: The wrapper script 'bin/sherpa-onnx-tts' invokes the TTS engine using 'node:child_process.spawnSync'. Arguments are passed as an array, which prevents shell command injection. However, the script also modifies system environment variables like 'LD_LIBRARY_PATH' and 'DYLD_LIBRARY_PATH' to point to the downloaded runtime's library directories, which is a technique for dynamic library loading from non-standard paths.
- [PROMPT_INJECTION]: The skill processes user-supplied text for speech synthesis without explicit boundary markers. While 'spawnSync' prevents shell injection, the TTS binary receives the raw input directly from agent prompts.
  - Ingestion points: 'process.argv' in 'bin/sherpa-onnx-tts'
  - Boundary markers: Absent
  - Capability inventory: 'spawnSync' (subprocess execution), file system read/write
  - Sanitization: Argument array usage in 'spawnSync' prevents shell injection but does not filter the text content passed to the binary.
Audit Metadata