Windows TTS (WSL2)

Security checks across malware telemetry and agentic risk

Overview

This TTS skill appears purpose-aligned, but its speech script can let crafted spoken text or options be interpreted as Windows PowerShell commands.

Install only if you trust the text and options being passed to it. Avoid using it to read untrusted, quoted, copied, or code-like content until say.sh is hardened with typed PowerShell parameters or safe stdin handling plus validation for rate and volume.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad conversational expressions like '说出来/读出来/念一下', which can overlap with normal dialogue and cause the skill to activate unexpectedly. In this skill, unexpected activation can immediately invoke PowerShell-backed speech output on the host, creating confusing behavior, privacy leakage through spoken content, or unwanted external side effects.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal