elevenlabs-voice-changer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'belt' CLI tool to execute remote audio applications for voice conversion, governed by the allowed-tools configuration.- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the CLI and related skills from the vendor's GitHub repository and via npx. These resources trace back to the vendor's official infrastructure.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted audio data via URL input.\n
- Ingestion points: The 'audio' field in the JSON payload passed to the 'belt' command in SKILL.md.\n
- Boundary markers: No delimiters or isolation instructions are provided to mitigate risks from malicious content in processed files.\n
- Capability inventory: The skill has 'Bash(belt *)' permission, enabling the execution of remote application logic.\n
- Sanitization: There is no evidence of URL validation or input sanitization within the skill instructions.
Audit Metadata