elevenlabs-music-generation
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation and invocation guide for a legitimate music generation tool. No malicious intent, obfuscation, or unauthorized access patterns were detected.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@runcomfy/cliNode.js package, which is the official command-line interface provided by the vendor agentspace-so. It also makes legitimate network requests to the vendor's API and download domains (*.runcomfy.net,*.runcomfy.com). - [CREDENTIALS_UNSAFE]: While the skill involves the use of an API token for authentication, it follows security best practices by recommending environment variables or local configuration files with restricted permissions. No secrets are hardcoded in the skill instructions.
- [COMMAND_EXECUTION]: Execution is confined to the
runcomfyCLI. The skill provides clear guidance on passing parameters via structured JSON to prevent potential shell injection issues.
Audit Metadata