text-to-speech

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses official, well-known libraries for its functionality, specifically the elevenlabs package for Python and @elevenlabs/elevenlabs-js for Node.js. These are the standard SDKs provided by the service vendor.
  • [COMMAND_EXECUTION]: A Python example in references/streaming.md demonstrates how to use subprocess.Popen to call ffplay. This is a documented method for real-time audio playback that pipes audio data to a local media player without exposing the system to command injection from untrusted input.
  • [CREDENTIALS_UNSAFE]: The skill requires an ELEVENLABS_API_KEY and correctly instructs users to provide it via environment variables. It does not contain any hardcoded secrets or sensitive credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:36 PM
Security Audit — agent-trust-hub — text-to-speech