eleven-agent-manager
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: A hardcoded ElevenLabs API key was detected in the source code as a default value.
  - Evidence: 'sk_2cdc94ae356746a5f92093400fd79d45cc7fa196ff01a229' in scripts/eleven_api.py.
- [DATA_EXFILTRATION]: The skill instructions expose absolute file paths on the local filesystem, which can be used to map the host environment.
  - Evidence: '/home/ec2-user/mega-agent2/.claude/skills/' in SKILL.md.
- [PROMPT_INJECTION]: The skill allows the modification of agent system prompts using arbitrary user input without sanitization, exposing the agent to indirect prompt injection.
  - Ingestion points: scripts/eleven_api.py via the 'update-prompt' argument.
  - Boundary markers: Absent. User input is placed directly into the JSON payload.
  - Capability inventory: Can modify ElevenLabs agent behavior, voice settings, and MCP server configurations via requests to api.elevenlabs.io.
  - Sanitization: No escaping or validation is performed on the 'prompt' string before submission.
Recommendations
- AI detected serious security threats
Audit Metadata