Security risk report for @forgecat/openai_skills_speech v0.0.10
Source Integrity
Low
Profile is sourced from OpenAI's official skills repository (https://github.com/openai/skills) with a specific commit hash.
Licensed under Apache-2.0, a well-known open-source license.
Metadata (author, repository, version, commit date) is transparent and verifiable.
Agent Intent
Low
Content describes legitimate text-to-speech functionality using the OpenAI Audio API with no hidden instructions or role hijacking.
Documentation provides clear guidance on instruction augmentation (adding delivery style hints) without rewriting user input or inventing requirements—this is standard skill documentation, not poisoning.
No directives to read credentials, exfiltrate data, hide instructions, install remote payloads, or leak system prompts.
References to external URLs (platform.openai.com for API key creation, GitHub for the original repo) are transparent and serve legitimate setup purposes.
Details
Evidence
'Never ask the user to paste the full key in chat. Ask them to set it locally and confirm when ready.'
'Never modify `scripts/text_to_speech.py`. If something is missing, ask the user before doing anything else.'
'Do not rewrite the input text.' (in instruction augmentation section)
Permissions
Low
Skill is scoped to a single, well-defined purpose: text-to-speech generation via OpenAI Audio API.
No shell, file_write, file_delete, or other high-risk tool categories are declared or implied.
Temporary file handling (tmp/speech/) is explicitly documented with cleanup instructions; output paths are user-controlled via --out flags.
No alwaysApply rules, glob patterns, or excessive authority beyond the stated function.
Details
Evidence
'Use `tmp/speech/` for intermediate files (for example JSONL batches); delete when done.'
'Use `--out` or `--out-dir` to control output paths; keep filenames stable and descriptive.'
MCP Risk
Low
No MCP servers are declared in the profile.
The skill relies on the OpenAI Python SDK (openai package) and a bundled CLI script (scripts/text_to_speech.py), both of which are standard, known-safe components.
Network access is required only for live API calls to OpenAI's official Audio API endpoint; this is expected and documented.
Details
Evidence
'(none)' in MCP servers section
'Use the OpenAI Python SDK (`openai` package) for all API calls; do not use raw HTTP.'