article-tts

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OCR-to-speech helper, with the main caution being that users can opt to skip review before sending generated audio.

Keep confirmation enabled for private, financial, medical, or confidential images. Before sending, verify the active chat channel and recipient, and remember that generated text/audio may be saved locally and TTS content may be processed by the Edge TTS service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

Medium

Confidence: 94% confidence
Finding: The documented skip-confirmation flow explicitly allows OCR-extracted text to be converted to audio and sent over the active messaging channel without a human review step. Because OCR input can contain sensitive or misrecognized content, this increases the risk of unintended disclosure to third-party chat platforms or the wrong recipient.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal