google-tts
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
google_tts.pyinvokes theffmpegcommand-line utility viasubprocess.runto concatenate audio segments. The implementation follows security best practices by passing arguments as a list and avoiding shell execution, which mitigates the risk of command injection. - [EXTERNAL_DOWNLOADS]: The skill makes authenticated network requests to the Google Cloud Text-to-Speech API (
texttospeech.googleapis.com) to synthesize audio. This is a well-known and trusted service required for the skill's primary functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external document files (PDF, DOCX, TXT) through the
extract.pyscript. Evidence: 1. Ingestion points:extract.pyreads user-provided files to extract text for narration. 2. Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when the extracted text is processed by the agent. 3. Capability inventory: The skill has the capability to write files to the local system, execute theffmpegsubprocess, and access the external Google TTS API. 4. Sanitization: While theclean_textfunction inextract.pyremoves markdown formatting and URLs, it does not perform semantic sanitization to prevent malicious natural language instructions within documents from influencing the agent's behavior during the script generation phase.
Audit Metadata