skills/connorads/dotfiles/music/Gen Agent Trust Hub

music

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied text prompts to generate music, which creates a surface for indirect prompt injection attacks.
    • Ingestion points: The prompt parameter in the music.compose, music.composition_plan.create, and music.compose_detailed methods across SKILL.md and references/api_reference.md serves as the entry point for untrusted data.
    • Boundary markers: No explicit delimiters or instructions to the model to ignore embedded commands are included in the provided code snippets.
    • Capability inventory: The skill facilitates network communication with api.elevenlabs.io and file system operations to write audio files (e.g., output.mp3).
    • Sanitization: The provided examples do not demonstrate sanitization or validation of the input prompt strings before they are sent to the API.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install official ElevenLabs client libraries from standard package registries.
    • Evidence: references/installation.md specifies the installation of the elevenlabs Python package and the @elevenlabs/elevenlabs-js Node.js package.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 03:37 PM