The Agent Skills Directory

[SAFE]: The skill uses official Cartesia API endpoints (api.cartesia.ai) for its core functionality. These are well-known service providers and the integration is documented transparently.
[SAFE]: Secret management follows security best practices. The skill instructs users to store API keys in a local file with restricted permissions (chmod 600) or via environment variables, rather than hardcoding them in scripts.
[COMMAND_EXECUTION]: The tts.sh script executes shell commands including curl, python3, and ffprobe. These are used appropriately for network requests, JSON processing, and media metadata extraction within the skill's defined scope.
[DATA_EXFILTRATION]: While the skill performs network operations to api.cartesia.ai, these are restricted to sending the text content provided by the user for the purpose of speech generation. There is no evidence of harvesting sensitive files (like SSH keys or AWS configs) to be sent externally.

tts