Skills
skills/elevenlabs/skills/sound-effects/Gen Agent Trust Hub

sound-effects

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Data Exposure & Exfiltration] (LOW): The skill performs network requests to 'api.elevenlabs.io' to fulfill its primary function. While legitimate, this domain is not included in the predefined trusted whitelist.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted text data to generate audio, which creates a potential surface for indirect prompt injection.
    • Ingestion points: The 'text' parameter in Python, JavaScript, and cURL examples.
    • Boundary markers: Delimiters and instructions to ignore embedded commands are absent in the examples.
    • Capability inventory: The skill has network access (ElevenLabs API) and file-write capabilities (saving MP3 files).
    • Sanitization: No input validation or escaping of the 'text' variable is provided in the implementation examples.
  • [External Downloads] (LOW): The skill requires the installation of external packages ('elevenlabs' for Python and '@elevenlabs/elevenlabs-js' for Node.js) from public registries. These are official packages but represent a dependency on external code.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 06:31 PM