skills/vm0-ai/vm0-skills/elevenlabs/Gen Agent Trust Hub

elevenlabs

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses curl to interact with the ElevenLabs API. The use of bash -c is included as a specific workaround for environment-specific variable interpolation issues and is not used for malicious purposes.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill follows best practices by using the vm0_secrets metadata to manage the ELEVENLABS_API_KEY. No hardcoded secrets were found.
  • [DATA_EXFILTRATION] (SAFE): Network activity is restricted to the official api.elevenlabs.io domain for the intended purpose of voice generation.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-supplied text. It mitigates shell injection risks by writing the payload to a temporary JSON file and using the -d @file curl syntax instead of interpolating text directly into a command string.
      • Ingestion points: User-provided text in SKILL.md examples.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess calls (curl), file-write (to /tmp/elevenlabs_request.json).
      • Sanitization: Uses JSON file payload for curl to avoid shell injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:06 PM