elevenlabs
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): SKILL.md and references/voice-agents.md recommend installing 'elevenlabs' (pip/npm) and '@elevenlabs/cli' (npm) which are third-party packages not included in the trusted source list.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The MCP configuration in SKILL.md uses 'uvx elevenlabs-mcp' to dynamically download and execute the server code at runtime.
- [PROMPT_INJECTION] (LOW): The agent configuration in assets/customer-support-example.json is vulnerable to indirect prompt injection.
  1. Ingestion points: spoken user input (audio/transcripts).
  2. Boundary markers: uses markdown headers (# Guardrails).
  3. Capability inventory: accesses webhooks for identity verification and refund processing.
  4. Sanitization: uses 'Character Normalization' instructions to format input before tool calls.
- [COMMAND_EXECUTION] (LOW): scripts/generate_agent.py executes local file system writes to create JSON configuration files based on template parameters.
Audit Metadata