Skills
skills/superconductor/superconductor-plugin-marketplace/text-to-speech/Gen Agent Trust Hub

text-to-speech

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill instructs the agent to run code from an external npm package that is not on the trusted sources list. Execution via npx downloads and runs the package immediately.
  • Evidence: Usage of npx -y superconductor-gemini-skills in all provided examples in SKILL.md.
  • Risk: If the npm package is compromised or maliciously crafted, it could execute arbitrary code on the host system.
  • Command Execution (LOW): The skill executes local shell scripts to interface with the Gemini API.
  • Evidence: bash ${CLAUDE_PLUGIN_ROOT}/scripts/gemini.sh.
  • Indirect Prompt Injection (LOW): The skill processes untrusted user-provided text for conversion to speech. While this primarily results in audio output, the surface for injection exists if the downstream agent uses the TTS results for further logic.
  • Ingestion points: TEXT TO SPEAK argument in shell and npx commands in SKILL.md.
  • Boundary markers: None present; the text is passed directly as a string.
  • Capability inventory: File system write (WAV file generation), network access (Gemini API).
  • Sanitization: None documented.
  • Credentials (INFO): The skill requires the GEMINI_API_KEY environment variable. This is a standard requirement for such services and is handled via environment variables rather than being hardcoded.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 08:54 AM