ElevenLabs Automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [External Downloads] (LOW): The skill references an external MCP server at https://rube.app/mcp for tool definitions. This involves a dependency on a third-party endpoint not listed in the trusted sources.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns were detected. API key handling is performed through standard connection prompts.
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts were found in the documentation or metadata.
- [No Code] (SAFE): This skill contains no local executable scripts, relying instead on the remote MCP server, which limits the local attack surface.
- [Indirect Prompt Injection] (SAFE): The skill has an injection surface via the 'text' input in speech generation tools.
  1. Ingestion points: 'text' parameter in ELEVENLABS_TEXT_TO_SPEECH.
  2. Boundary markers: Absent.
  3. Capability inventory: Network access to ElevenLabs API, returning presigned S3 URLs.
  4. Sanitization: Absent.
  Risk Assessment: Negligible, as the output is in audio format.
Audit Metadata