Skills
skills/skillsh/skills/text-to-speech/Gen Agent Trust Hub

text-to-speech

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool to run inference applications and manage audio processing tasks. This tool usage is explicitly defined and limited in the skill configuration.
  • [EXTERNAL_DOWNLOADS]: The documentation provides links to installation instructions and API references hosted on inference.sh and its official GitHub repository (github.com/inference-sh). These resources are used for initial setup and user guidance.
  • [DATA_EXFILTRATION]: Includes the infsh login command, which is necessary for authenticating the CLI with the provider's platform. This is standard functionality for cloud-based AI services.
  • [PROMPT_INJECTION]: The skill acts as an interface for speech synthesis models, creating an indirect prompt injection surface where user-provided text is processed by external AI models.
  • Ingestion points: User text is passed through the --input JSON parameter in infsh app run commands across SKILL.md.
  • Boundary markers: Input text is structured within JSON objects, providing a clear boundary between instructions and data.
  • Capability inventory: The agent's capabilities are restricted to the infsh tool via the Bash shell.
  • Sanitization: The skill does not implement client-side sanitization, relying instead on the safety filters of the underlying inference models.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 12:27 PM