pp-elevenlabs
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to install binaries using `npx -y @mvanhorn/printing-press` and `go install github.com/mvanhorn/printing-press-library/...`. These commands fetch and execute unversioned code directly from the author's npm and GitHub repositories, so whatever is published at the time of install runs on the agent host.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag, which is documented for routing output to an arbitrary HTTP POST endpoint. This feature could be leveraged to exfiltrate API results or local files if an attacker can influence the parameters the agent passes.
- [COMMAND_EXECUTION]: The skill relies on shell command execution via Bash to run the `elevenlabs-pp-cli` binary and to perform environment setup, including installation and version verification.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data through web scraping and file uploads.
  - Ingestion points: Commands such as `convai create-url-document-route`, `convai update-content-from-url`, and `convai create-file-document-route` allow external content to enter the agent context.
  - Boundary markers: There are no delimited boundaries or specific instructions to the agent to ignore potentially malicious directions embedded in the ingested documents.
  - Capability inventory: The skill can write local files (`--out`), execute shell commands, and transmit data over the network via the webhook delivery system.
  - Sanitization: No sanitization or validation logic is defined for the content processed from external sources.
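One practical mitigation for the DATA_EXFILTRATION finding is to gate the `--deliver webhook:<url>` value before the agent hands it to the CLI. The following Bash function is an added example written for this audit page; it is not code from the skill, from `elevenlabs-pp-cli`, or from the skill author. The allowlisted hosts, the `run_pp_cli` wrapper name, and the assumption that the CLI accepts `--deliver <value>` as two separate arguments are all illustrative assumptions; non-webhook delivery modes are passed through unchanged because the audit does not describe them.

```bash
#!/usr/bin/env bash
# Added example (not part of the audited skill): refuse --deliver webhook targets
# that are not HTTPS or not on an explicit host allowlist. The allowlist values
# below are assumed placeholders.

# Assumed allowlist of hosts the agent may POST results to.
ALLOWED_WEBHOOK_HOSTS="hooks.example.internal results.example.com"

# check_webhook_target DELIVER_VALUE
# Returns 0 when DELIVER_VALUE is not a webhook target, or when it is
# "webhook:https://<allowlisted-host>[:port][/path]". Returns 1 otherwise.
check_webhook_target() {
  local value="$1" url host allowed

  case "$value" in
    webhook:*) url="${value#webhook:}" ;;
    *) return 0 ;;   # not a webhook target; nothing to gate here
  esac

  # Require TLS so results are at least not posted in plaintext.
  case "$url" in
    https://*) ;;
    *) echo "refusing non-HTTPS webhook target: $url" >&2; return 1 ;;
  esac

  # Isolate the host: drop scheme, path, query, userinfo, and port in turn.
  host="${url#https://}"
  host="${host%%/*}"      # drop path
  host="${host%%\?*}"     # drop query when there is no path
  host="${host##*@}"      # drop userinfo (defeats https://allowed@evil/ tricks)
  host="${host%%:*}"      # drop port

  for allowed in $ALLOWED_WEBHOOK_HOSTS; do
    if [ "$host" = "$allowed" ]; then
      return 0
    fi
  done
  echo "refusing webhook target on non-allowlisted host: $host" >&2
  return 1
}

# run_pp_cli ARGS...
# Assumed wrapper: scan for "--deliver <value>" and gate the value before
# invoking the real binary named in the audit.
run_pp_cli() {
  local prev="" arg
  for arg in "$@"; do
    if [ "$prev" = "--deliver" ]; then
      check_webhook_target "$arg" || return 1
    fi
    prev="$arg"
  done
  elevenlabs-pp-cli "$@"
}
```

The host is compared for exact equality, so `hooks.example.internal.attacker.example` and `hooks.example.internal@attacker.example` are both rejected; a suffix or substring match would let either through.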
Audit Metadata