speak
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/speak.tsinvokes external commands such asedge-tts,afplay, andsay. These invocations are implemented usingBun.spawnwith argument arrays, which prevents shell injection attacks by ensuring user-provided text is never interpreted as shell commands. - [EXTERNAL_DOWNLOADS]: The documentation indicates a dependency on the
edge-ttsPython package. This package is a standard utility for accessing Microsoft Edge's online text-to-speech services and is used here in a manner consistent with the skill's primary function.
Audit Metadata