agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The widget embedding documentation (references/widget-embedding.md) instructs users to load a script from 'https://unpkg.com/@elevenlabs/convai-widget-embed'. Although unpkg is a widely used CDN, it is not on the list of trusted sources, and loading remote scripts can pose a supply chain risk.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) in its outbound call functionality. \n
- Ingestion points: Untrusted data enters the agent's context through 'dynamic_variables' (e.g., 'customer_name', 'balance') passed to the 'outbound_call' method in 'references/outbound-calls.md'. \n
- Boundary markers: None are present; the documentation shows variables being directly interpolated into the agent's prompt using the '{{variable_name}}' syntax without delimiters. \n
- Capability inventory: The agents have access to system tools such as 'transfer_to_number' and 'end_call' (SKILL.md), which could be maliciously triggered if an attacker controls the dynamic variable content. \n
- Sanitization: There is no evidence of sanitization or validation of these variables before they are interpolated into the prompt.
Audit Metadata