voiceover
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill is configured to accept a 'file path' as an argument. It reads the content of the specified file and sends it to the ElevenLabs API. This behavior can be exploited to exfiltrate sensitive information from the local system (e.g., `~/.ssh/id_rsa`, `.env` files) by treating them as voiceover scripts.
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external content from files and user-provided scripts that are used to influence API calls and potentially downstream agent reasoning.
- Ingestion points: `argument-hint` and `description` in `SKILL.md` ('script text or file path').
- Boundary markers: Absent; the skill does not define delimiters for script content.
- Capability inventory: External network communication via the ElevenLabs API.
- Sanitization: None detected; the skill performs text normalization for TTS but does not validate file paths or sanitize script content against malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata