audio-gen
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using `uv run` to invoke a Python script (`tts.py`) for text-to-speech conversion. The script path is specified as `/home/clawdbot/clawdbot/skills/sag/scripts/tts.py`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it generates a script based on user-provided topics and then interpolates that script directly into a shell command or a heredoc for execution.
  - Ingestion points: User-provided topics, ideas, or themes used to generate the audio script (SKILL.md).
  - Boundary markers: The instructions specify using double quotes (`"[formatted_script]"`) or a heredoc (`cat <<'EOF'`) to delimit the script content.
  - Capability inventory: The skill has the capability to execute shell commands via `uv run` and write to the `/tmp` directory (SKILL.md).
  - Sanitization: While the instructions tell the agent to remove markdown formatting, there are no specific requirements to escape shell metacharacters or validate the script content to prevent command injection if the LLM-generated output is maliciously influenced.
Audit Metadata