text-to-speech

Fail

Audited by Socket on Mar 12, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill aims to provide text-to-speech functionality via an API with options for voice, model, format, and processing to integrate into multimedia workflows. Its footprint is coherent with the stated purpose: authenticated API calls produce audio, with typical local post-processing (base64 decoding, file writes, and ffmpeg operations). The credential-related steps (reading auth.json and invoking a local auth binary) are normal in developer tooling but introduce potential credential exposure risk if misused by an agent. There are no evident download/execution patterns from untrusted sources, and there is no clear data exfiltration beyond user-initiated audio generation. Overall, the risk is Low-to-Medium (securityRisk ~ 0.25–0.35) with a caveat about credential handling patterns. Recommend ensuring explicit prompts to authorize credential usage, using official API endpoints, and verifying TLS and endpoint integrity.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 12, 2026, 01:53 AM
Package URL: pkg:socket/skills-sh/rebyteai%2Fskills%2Ftext-to-speech%2F@3e5033a531d533864d643901655d92ba1ba140be