elevenlabs
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the official ElevenLabs API (api.elevenlabs.io) to generate speech, sound effects, and musical compositions.
- [COMMAND_EXECUTION]: Utilizes system tools like 'ffmpeg' for audio segmentation and 'afplay' for playback. The skill includes a 'pathguard' utility that resolves and validates all file paths, ensuring operations are restricted to the workspace or temporary directories and preventing unauthorized file system access.
- [PROMPT_INJECTION]: The skill serves as a conduit for user-provided text to be processed by external ElevenLabs models, which is an inherent surface for indirect prompt injection.
  - Ingestion points: Text inputs supplied via command-line arguments or JSON files in scripts/speech.py, scripts/sfx.py, scripts/music.py, and scripts/dialogs.py.
  - Boundary markers: Absent; user-provided text is interpolated directly into the JSON payloads of API requests.
  - Capability inventory: External network communication with ElevenLabs and local file writing for audio output.
  - Sanitization: No specific filtering, validation, or escaping is performed on the input text before it is sent to the remote API.
Audit Metadata