pp-elevenlabs

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to install binaries using npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library/.... These commands fetch and execute unversioned code directly from the author's NPM and GitHub repositories.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, which is documented for routing output to an arbitrary HTTP POST endpoint. This feature could be leveraged to exfiltrate API results or local files if the agent's parameters are manipulated by an attacker.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via Bash to run the elevenlabs-pp-cli binary and perform environment setup, including installation and version verification.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data through web scraping and file uploads.
    • Ingestion points: Commands such as convai create-url-document-route, convai update-content-from-url, and convai create-file-document-route allow external content to enter the agent context.
    • Boundary markers: There are no delimited boundaries or specific instructions to the agent to ignore potentially malicious directions embedded in the ingested documents.
    • Capability inventory: The skill possesses the capability to write local files (--out), execute shell commands, and transmit data over the network via the webhook delivery system.
    • Sanitization: No sanitization or validation logic is defined for the content processed from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:31 AM
Security Audit — agent-trust-hub — pp-elevenlabs