google-tts
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `google_tts.py` script uses `subprocess.run` to execute `ffmpeg` for concatenating audio segments. This is a legitimate functional requirement for generating audio for documents that exceed the API's single-request byte limit. The implementation correctly passes arguments as a list to prevent shell injection.
- [PROMPT_INJECTION]: The skill reads and processes user-provided documents, creating an indirect prompt injection surface where instructions hidden in the document could influence agent behavior.
  - Ingestion points: `extract.py` reads and parses PDF, DOCX, and Markdown files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are included in the prompt templates.
  - Capability inventory: The skill can execute system commands (`ffmpeg`) and perform network requests to Google Cloud APIs.
  - Sanitization: The `clean_text` function in `extract.py` removes markdown formatting, HTML tags, and URLs from the extracted text using regular expressions, providing a layer of defense against some injection patterns.
Audit Metadata