Oathe Security Badge

Is lisniuse/edge-tts safe?

https://github.com/lisniuse/edge-tts

99
SAFE

This is a legitimate text-to-speech synthesis tool that uses Microsoft Edge's TTS service to convert text to audio files. The skill contains straightforward Python code and documentation with no evidence of malicious behavior, prompt injection, or data exfiltration.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Shell script for dependency installation -5

The skill includes install_dependencies.sh which executes 'pip install edge-tts'. While this is standard practice for Python dependencies, it does involve code execution.

INFO Audio generation capability -5

The skill generates audio files from text, which could theoretically be used for voice spoofing or social engineering, though this is the legitimate intended functionality.