Edge Tts Cantonese

Security checks across malware telemetry and agentic risk

Overview

This is a small Cantonese text-to-speech helper whose behavior matches its stated purpose, with recipient-confirmation and privacy caveats.

Before installing, verify any referenced local scripts yourself, replace the hard-coded paths and example chat ID, and require confirmation before sending WhatsApp or Telegram voice messages. Avoid using sensitive text unless you are comfortable with Microsoft Edge TTS and the messaging platform processing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description 'voice reply requests' is broad and does not define clear boundaries for when the skill should activate. In an agent environment, this can cause unintended invocation on loosely related user messages, leading to unsolicited audio generation or action chaining into external scripts.

Vague Triggers

Medium
Confidence: 80%
Finding
The listed trigger phrases are vague and lack scope restrictions, so common phrases like '讀俾我聽' or 'voice reply' could match normal conversation rather than a deliberate tool request. This increases the chance of accidental activation and unintended use of local scripts that generate or send audio.

VirusTotal

61/61 vendors flagged this skill as clean.
