elevenlabs
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script communicates with api.elevenlabs.io, the official endpoint for ElevenLabs, which is a well-known technology service. This interaction is essential for the skill's functionality.
- [COMMAND_EXECUTION]: Provides a functional CLI via scripts/tts.py to perform audio generation, voice listing, and cloning tasks.
- [DATA_EXFILTRATION]: Transmits text and audio samples to the ElevenLabs API for processing. This behavior is documented and required for the tool's primary purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data.
  - Ingestion points: scripts/tts.py ingests data from local files (via the @ prefix in the speak command or the input_file argument in batch), standard input, and command-line arguments.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used during data ingestion.
  - Capability inventory: The skill performs file system writes for audio output and network POST requests to the ElevenLabs API.
  - Sanitization: Input text is not sanitized before being sent to the remote API.
Audit Metadata