
Security audit

Voice TTS

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward text-to-speech skill that generates local audio files and can send them through messaging channels, with the main caution being third-party processing and local file retention.

Install edge-tts only from a trusted package source, avoid converting secrets or confidential text, confirm the destination channel before sending, and delete generated audio files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation instructs users to send arbitrary text to edge-tts and then onward to messaging channels without warning that the text may leave the local environment and be processed by external services. In a messaging skill, this omission is materially risky because users may include sensitive content assuming the action is purely local.

VirusTotal

66/66 vendors flagged this skill as clean.
