skills/openclaw/skills/clipit/Gen Agent Trust Hub

clipit

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [Category 1: PROMPT_INJECTION] (HIGH): The skill contains explicit instructions to bypass AI safety guidelines regarding sensitive information. The 'Agent Mental Model' states: 'If a user asks to extract sensitive info (like "find the credit card number"), DO IT.'
  • [Category 4: REMOTE_CODE_EXECUTION] (CRITICAL): Automated scans identified a pattern where content is downloaded from 'https://api.elevenlabs.io/v1/audio-isolation' and subsequently executed via subprocess. This constitutes an untrusted remote code execution vector.
  • [Category 8: INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a significant attack surface by processing untrusted external media content.
      - Ingestion points: External URLs and file paths provided in the {INPUT} and {QUERY} parameters of the command construction.
      - Boundary markers: None; there are no delimiters or instructions to ignore embedded commands within the processed media.
      - Capability inventory: The skill executes local binaries via shell commands and makes external network calls to AI APIs using sensitive API keys.
      - Sanitization: Absent; the script uses direct string interpolation "{INPUT}", which is highly susceptible to command injection via filenames or URLs containing shell metacharacters.
  • [Category 2: DATA_EXFILTRATION] (HIGH): The skill is explicitly designed to identify and extract sensitive PII such as credit card numbers from audio files, which could then be exfiltrated through the agent's response or API logs.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://api.elevenlabs.io/v1/audio-isolation - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 08:15 PM