Volcengine Ai Audio Tts

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only Volcengine text-to-speech skill with no code, installer, persistence, or hidden behavior found.

Install if you are comfortable sending text to Volcengine for speech synthesis. Avoid confidential or regulated text unless your Volcengine account terms and privacy requirements allow that use.

SkillSpector

By NVIDIA

Vulnerability Patterns

System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Direct Prompt Extraction

High

Category: System Prompt Leakage
Content: 3. Execute TTS request and poll if async. 4. Return audio URL/path and reproducible parameters. ## Output Rules - Prefer stable audio formats (`mp3` or `wav`). - Keep text chunks short for long passages.
Confidence: 85% confidence
Finding: Output Rules

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal