elevenlabs
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill presents an indirect prompt injection surface (Category 8) because it extracts text from user-provided documents and interpolates it into prompts for the agent.
  * Ingestion points: `scripts/extract.py` reads data from PDF, DOCX, and text files.
  * Boundary markers: The workflow in `SKILL.md` does not specify the use of delimiters or 'ignore instructions' warnings when the agent processes extracted text.
  * Capability inventory: The skill can read local files and (via the ElevenLabs API) send processed content to external services.
  * Sanitization: While `scripts/extract.py` includes a `clean_text` function to strip markdown and code, it does not filter for natural language instructions that could hijack the agent's behavior.
- Command Execution (LOW): The skill relies on `scripts/elevenlabs.py` to perform TTS and `ffmpeg` operations. This script is missing from the provided files, which prevents verification of safe argument handling and shell execution practices.
Audit Metadata