videoagent-audio-studio
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: User-provided prompts and text are sent to external endpoints including the ElevenLabs and fal.ai APIs, as well as a vendor-hosted proxy at 'audiomind-proxy.vercel.app' for audio synthesis and processing.
- [COMMAND_EXECUTION]: The 'tools/start_server.sh' script executes the 'elevenlabs-mcp' server and implements a usage tracking mechanism by reading and writing to a local file at '/tmp/audiomind_usage_count.txt'.
- [EXTERNAL_DOWNLOADS]: The skill's installation process involves downloading the '@elevenlabs/mcp' package from the NPM registry to enable local MCP server functionality.
- [PROMPT_INJECTION]: The skill has an inherent vulnerability to indirect prompt injection because it processes arbitrary user-supplied text for audio generation without sanitization or boundary markers.
  - Ingestion points: User-provided text for 'narrate', 'compose', or 'sound effect' commands is passed directly to external APIs.
  - Boundary markers: No delimiters or protective instructions are used to separate user data from system instructions.
  - Capability inventory: The skill can write files to the local system (audio outputs), make network requests to external proxies/APIs, and execute local subprocesses.
  - Sanitization: There is no evidence of input validation or escaping for the text prompts processed by the skill.
Audit Metadata