text-to-speech
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to subvert agent behavior or extract system instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized access to sensitive files (e.g., credentials or private keys) were identified. Network usage is appropriate for the stated service.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill depends on the 'edge-tts' package, which is a reputable open-source library. No suspicious remote code execution or download patterns were found.
- Indirect Prompt Injection (SAFE): The skill processes text data for audio synthesis. Evidence Chain: 1. Ingestion Point: 'input' parameter in 'text_to_speech.py' (via file or stdin); 2. Boundary Markers: Absent; 3. Capability Inventory: Network synthesis, file write (MP3), and optional subprocess integration for 'voice-changer'; 4. Sanitization: Regex-based tag removal defined in 'tts_config.json'. As the primary function is audio synthesis, the risk to the agent context is minimal.
- Dynamic Execution (SAFE): No dynamic execution, runtime compilation, or unsafe deserialization patterns were observed.
Audit Metadata