elevenlabs-music

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill links to a GitHub repository (inference-sh/skills) and an image hosting domain (inference.sh) that do not match the author's verified naming patterns (inferen-sh.com, github.com/inferen-sh/*). The inclusion of the characters "ce" in these resources is a potential typosquatting vector.
  • [PROMPT_INJECTION]: The documentation contains instructions to install the infsh CLI and additional skills from sources that are not authorized by the vendor profile. This mismatch between the author's name and the resource domain is deceptive and could lead to the execution of unverified software.
  • [COMMAND_EXECUTION]: The skill executes the infsh CLI through Bash. The lack of alignment between the tool's source and the author's verified profile presents a risk, as the user is directed to install the tool from a mismatched repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 08:07 PM