Skills
skills/glebis/claude-skills/elevenlabs-tts/Gen Agent Trust Hub

elevenlabs-tts

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted text while possessing file-system write capabilities.
  • Ingestion points: The text parameter in scripts/elevenlabs_tts.py accepts input that can be sourced from external, untrusted data.
  • Boundary markers: None are used to delimit or protect against instructions embedded within the text input.
  • Capability inventory: The skill performs file writing (open) and directory creation (mkdir) in scripts/elevenlabs_tts.py, alongside network requests to the ElevenLabs API.
  • Sanitization: No sanitization or validation is performed on the input text before it is processed by the API and saved.
  • [COMMAND_EXECUTION] (HIGH): The script is vulnerable to arbitrary file write. The output_path parameter in the generate_speech function and the --output CLI flag are not sanitized or restricted to a safe directory. This allows the process to write or overwrite files in any location it has permission to access, which could be exploited to corrupt system data or configuration files.
  • [DATA_EXFILTRATION] (LOW): The script initiates network requests to api.elevenlabs.io. While necessary for the skill's purpose, this domain is not on the trusted whitelist and represents a network operation that should be monitored.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:38 PM