qwencloud-audio-tts
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/gossamer.py` uses `subprocess.run` to execute internal update-check scripts. This is part of a vendor-provided mechanism to verify skill versions and is triggered after the primary TTS tasks are completed.
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference external dependencies. For example, `scripts/tts_cosyvoice.py` requires the `dashscope` SDK, and the `SKILL.md` provides instructions for installing a companion update-check skill using `npx skills add`. These downloads are from the official vendor and are required for full functionality.
- [DATA_EXPOSURE]: The skill correctly manages sensitive credentials by requiring the use of environment variables or `.env` files. It includes explicit instructions and code-level checks to prevent the accidental exposure of API keys in plaintext or logs.
Audit Metadata