component-version-upgrade
Audited by Socket on Mar 1, 2026
1 alert found:
Security: The upgrade procedure itself is operationally reasonable for maintaining a local TTS + Telegram bot stack, but it contains medium-high supply-chain risk because it instructs running unpinned installers and package-manager upgrades that download and execute remote code without documented integrity verification. There is no direct evidence in this text of malicious intent, hard-coded credentials, or explicit exfiltration endpoints.

Primary recommendations: require version pinning or lockfile usage; verify signatures/checksums for model and installer artifacts; limit automation so the user explicitly approves each network-executing step; and audit the contents of kokoro-install.sh and any packages fetched from registries before running upgrades.