elevenlabs-tts

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the belt CLI and supplementary skills from the inference-sh organization on GitHub.
  • [COMMAND_EXECUTION]: Executes the belt command-line tool to run AI applications and manage user authentication. Command execution is limited to the belt tool via the allowed-tools configuration.
  • [PROMPT_INJECTION]: Ingests external text content for conversion into speech, creating a surface for indirect prompt injection.
      • Ingestion points: The 'text' field within JSON input for the belt app run command in SKILL.md.
      • Boundary markers: Untrusted content is wrapped in JSON string literals.
      • Capability inventory: Shell execution is constrained to the belt CLI namespace.
      • Sanitization: No explicit filtering or sanitization of the input text is performed before it is passed to the CLI.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 02:15 AM