elevenlabs-voices
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill facilitates the management of ElevenLabs API keys, which are stored in local files such as `.env` or `config.json`. It also accesses a vendor-specific configuration file at `~/.thinkfleetbot/thinkfleetbot.json`.
- [COMMAND_EXECUTION]: Users are instructed to run local Python scripts including `setup.py`, `tts.py`, `sfx.py`, and `voice-design.py` to interact with the service and configure the skill.
- [PROMPT_INJECTION]: The skill accepts arbitrary text for voice synthesis through command-line arguments and batch files, which represents a surface for indirect prompt injection. Evidence Chain:
  1. Ingestion points: CLI parameters (`--text`, `--prompt`) and file-based batch inputs (`texts.txt`, `batch.json`).
  2. Boundary markers: No explicit markers or instructions are mentioned to prevent the synthesis engine from obeying embedded commands.
  3. Capability inventory: Execution of internal scripts and network API requests to ElevenLabs.
  4. Sanitization: No sanitization or validation of input strings is documented.
Audit Metadata