Skills
skills/wulaosiji/skills/voice-clone/Gen Agent Trust Hub

voice-clone

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits local audio samples (base64 encoded) and user-provided text to the external API domain 'api.wavespeed.ai'. This data transfer is the intended function of the skill for processing voice cloning and synthesis tasks.
  • [EXTERNAL_DOWNLOADS]: The skill fetches generated audio files from the WaveSpeed AI service and saves them to the local filesystem (e.g., in '/tmp/wuna_koubo'). These downloads originate from the expected service provider domain.
  • [PROMPT_INJECTION]: The skill accepts user-supplied text for synthesis, representing an indirect injection surface.
  • Ingestion points: The 'text' parameter in the 'generate_speech' and 'clone_voice' functions across 'voice_clone.py' and 'SKILL.md'.
  • Boundary markers: None identified; input text is interpolated directly into the JSON payload for the API.
  • Capability inventory: File system read/write access and network POST/GET operations to 'api.wavespeed.ai'.
  • Sanitization: No explicit sanitization or filtering is applied to the input text before it is sent to the synthesis model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 01:11 AM