Dictation Audio

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward dictation audio generator, with ordinary cautions around third-party text-to-speech, ffmpeg, and a fixed output file.

Install only if you are comfortable using edge-tts and ffmpeg from trusted sources. Avoid entering confidential words or names unless you accept the text-to-speech provider’s data handling, and remember each run writes to /tmp/dictation.mp3 and may replace that file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: "-c", "copy", output_path ] result = subprocess.run(cmd, capture_output=True, timeout=60) return result.returncode == 0 finally: if os.path.exists(list_file):
Confidence: 76% confidence
Finding: result = subprocess.run(cmd, capture_output=True, timeout=60)

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal