elevenlabs-tts

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE)
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill documentation explicitly instructs the agent to access a sensitive .env file containing credentials.
      • Evidence: Under the 'Environment Setup' section, the skill specifies the path ~/Library/Mobile Documents/com~apple~CloudDocs/Geoffrey/secrets/.env for the ELEVENLABS_API_KEY. Referencing specific secret files or credential directories is a high-risk pattern that facilitates credential theft.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted external content provided via text or files.
      • Ingestion points: The --text and --file arguments in scripts/generate_audio.py accept input from potentially untrusted sources (e.g., user-provided text or downloaded files).
      • Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore embedded commands within the text to be narrated.
      • Capability inventory: The skill uses Bash to execute local scripts and Write to save output files.
      • Sanitization: Not mentioned. Security depends entirely on how the (unprovided) Python script handles shell arguments and file paths.
      • Assessment: Since the primary output is an audio file, the risk of an injection influencing the agent's internal state is low, but the capability to execute shell commands makes sanitization of the input arguments critical.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:46 AM