audio-composer
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes authenticated POST requests to the ElevenLabs API (
https://api.elevenlabs.io/v1/sound-generation) to generate and download MP3 audio files. This is the primary intended function of the skill when an API key is present. - [COMMAND_EXECUTION]: The script
scripts/compose_audio.mjsis executed to orchestrate asset generation. It performs legitimate file system operations, including reading project state fromgame-state.json, creating directories, and writing JSON descriptors and runtime JavaScript files to the project's asset and source folders. - [PROMPT_INJECTION]: The skill uses data from
game-state.json(such as genre and title) to construct prompts for the ElevenLabs audio generation API. While this represents an indirect prompt ingestion surface, the impact is limited to the content of generated audio files and does not affect agent or system security.
Audit Metadata