ElevenLabs Automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an MCP server from https://rube.app/mcp. This is the standard delivery mechanism for Composio's hosted Model Context Protocol (MCP) tools, which are used to execute the ElevenLabs API calls. This is a well-known service in the AI agent ecosystem.
- [CREDENTIALS_UNSAFE]: The skill requires ElevenLabs API key authentication to function. It directs users to connect their account when prompted by the MCP client, which is the recommended practice for secure credential management rather than hardcoding secrets.
- [DATA_EXFILTRATION]: The ELEVENLABS_TEXT_TO_SPEECH tool generates audio files and provides a presigned S3 download link (data.file.s3url). This is a standard and secure method for temporary file delivery from a cloud storage service (AWS S3).
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided text for speech synthesis. While this is an ingestion point for untrusted data, the output is an audio file and does not influence the agent's control flow or instructions, making it a low-risk surface.
Audit Metadata