TTS
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on 'z-ai-web-dev-sdk', which is not a verified package from a trusted organization. This poses a risk as the code within the external package cannot be verified for safety during static analysis.
- [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection by accepting arbitrary text for TTS processing.
  - Ingestion points: The 'text' parameter in the 'main' function (tts.ts).
  - Boundary markers: Absent; there are no delimiters or instructions to ignore potential commands embedded in the input text.
  - Capability inventory: The skill performs network requests (via the SDK) and local file writes ('fs.writeFileSync').
  - Sanitization: No validation or escaping is applied to the input text before it is passed to the SDK.