agents
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing official ElevenLabs packages from standard registries, including @elevenlabs/cli, @elevenlabs/elevenlabs-js, and the elevenlabs Python package. It also references a client-side widget script hosted on unpkg.com, which is a well-known content delivery network.
- [DATA_EXFILTRATION]: Documentation reveals that the ElevenLabs CLI tool stores sensitive API keys in the local file ~/.agents/api_keys.json. While this is standard for the platform's credential management, it identifies a sensitive file location.
- [PROMPT_INJECTION]: The skill architecture facilitates processing external user voice and text input which is then interpreted by an LLM. This creates a surface for indirect prompt injection, where adversarial input could attempt to manipulate tool logic or bypass system instructions.
  - Ingestion points: User transcripts and voice data entering the agent context.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are demonstrated in the provided prompt examples.
  - Capability inventory: The system supports webhooks, browser-side JavaScript tools, and telephony-based call transfers.
  - Sanitization: There is no documented evidence of input validation or sanitization for user transcripts prior to processing.
Audit Metadata