speech-engine
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official ElevenLabs SDKs (
@elevenlabs/elevenlabs-js,elevenlabs) and well-known libraries such asopenai,dotenv, andlivekit-client. These are trusted dependencies for the described real-time audio functionality. - [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill correctly instructs users to manage sensitive API keys via environment variables and explicitly warns against exposing credentials in client-side browser code.
- [COMMAND_EXECUTION]: The documentation mentions standard utility commands for local development, such as
ngrokfor creating secure tunnels and package managers for installation. No malicious shell patterns or arbitrary command executions were identified. - [PROMPT_INJECTION]: The skill processes user audio transcripts as input for an LLM. While this constitutes a standard indirect prompt injection attack surface inherent to chat and voice interfaces, the provided implementation follows standard patterns and does not expose high-risk tools or bypass safety guidelines.
Audit Metadata