elevenlabs-agents

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The agents created using this skill process untrusted user voice or text input, which creates a surface for indirect prompt injection attacks where an attacker might attempt to override agent instructions or execute unauthorized tool calls.
  • Ingestion points: User messages are ingested via the useConversation hook (React/React Native) and the JavaScript Conversation client, as seen in assets/react-sdk-boilerplate.tsx and assets/javascript-sdk-boilerplate.js.
  • Boundary markers: The skill includes a robust mitigation guide in references/system-prompt-guide.md and assets/system-prompt-template.md, which defines a 6-component framework including mandatory 'Guardrails' to restrict prohibited actions.
  • Capability inventory: Agents possess significant capabilities, including browser navigation, cart updates, CRM record modification, and Stripe payment processing, documented in references/tool-examples.md.
  • Sanitization: The skill emphasizes prompt engineering and success criteria evaluation (LLM-based testing) to ensure agent alignment and behavior verification, as detailed in references/testing-guide.md.
  • [Command Execution] (SAFE): Several shell scripts (create-agent.sh, deploy-agent.sh, test-agent.sh) execute ElevenLabs CLI commands. This is safe: running those commands is the stated purpose of the scripts, and the variables they pass are properly quoted, which prevents shell injection.
  • [Credentials Unsafe] (SAFE): The assets/agent-config-schema.json and tool configuration examples correctly use template placeholders (e.g., {{secret__openai_api_key}}) rather than hardcoding sensitive credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:01 PM