openai-tts

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script uses curl to communicate with the OpenAI API and optionally save the output to a file. This behavior is consistent with the skill's stated purpose.
  • [PROMPT_INJECTION] (LOW): The skill has a vulnerability surface for indirect prompt injection via malformed command-line arguments.
    • Ingestion points: CLI arguments for --voice, --model, --format, and --speed in scripts/speak.sh.
    • Boundary markers: None.
    • Capability inventory: Network access to api.openai.com and local file writing.
    • Sanitization: The main text input is sanitized using jq. However, other parameters are interpolated directly into the JSON payload (e.g., "model": "${model}") without escaping. This allows for JSON injection which could manipulate the request structure sent to OpenAI.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 12:00 PM