Text-to-Speech

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SenseAudio text-to-speech documentation skill; it sends text to SenseAudio and writes example audio files, which matches its stated purpose.

Install only if you are comfortable sending text to SenseAudio using your API key. Avoid submitting secrets, regulated data, or private content unless you have reviewed SenseAudio’s terms, and choose output filenames deliberately because the examples create local response and audio files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill clearly sends user-provided text to a third-party remote API, but it does not include an explicit privacy or network disclosure warning to users. This can cause unintentional exposure of sensitive prompts, personal data, or confidential text to an external service, especially in agent workflows where users may assume local-only processing.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal