elevenlabs
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/elevenlabs.pyscript utilizes thesubprocess.runfunction to execute theffmpegutility for audio concatenation. The execution is handled through a manifest file generated in a temporary directory, ensuring the command construction remains isolated from direct user input strings. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external documents provided by users.
- Ingestion points: The
scripts/extract.pyscript reads and extracts text from various file formats (PDF, DOCX, MD, TXT). - Boundary markers: There are no explicit delimiters or system-level instructions defined in the workflow to differentiate between original document content and potential malicious instructions during the podcast script generation phase.
- Capability inventory: The agent context includes the ability to make network requests to the ElevenLabs API and execute
ffmpegvia the command line. - Sanitization: The
clean_textfunction inscripts/extract.pyprovides some mitigation by stripping metadata, URLs, code blocks, and HTML tags using regular expressions, though linguistically-based instructions might persist.
Audit Metadata