elevenlabs

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script 'scripts/quota.py' attempts to read sensitive environment configuration files from non-standard local paths.
      • Evidence: The '_load_dotenv' function in 'scripts/quota.py' explicitly attempts to access '~/.moltbot/.env' and an absolute path '/Users/oliver/clawd/.env', posing a significant risk of exposing user credentials or local secrets.
  • [COMMAND_EXECUTION]: The skill executes system commands to handle audio files.
      • Evidence: 'scripts/dialogs.py' uses 'subprocess.run' to call 'ffmpeg' for segmenting audio based on timing data.
      • Evidence: 'scripts/sfx.py' executes the 'afplay' command for audio playback on macOS.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to the ElevenLabs API.
      • Evidence: Multiple scripts (speech.py, music.py, sfx.py, etc.) use the 'requests' library to communicate with 'api.elevenlabs.io' for audio generation and account management.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through user-provided text.
      • Ingestion points: The 'text' and 'prompt' arguments in 'speech.py', 'music.py', and 'sfx.py'.
      • Boundary markers: None.
      • Capability inventory: External network communication and local file system write operations.
      • Sanitization: No sanitization or escaping of input text was detected.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 7, 2026, 03:19 PM