avatar-invent

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates its workflow by executing internal scripts and sibling skill scripts (such as generate_angles.py, clone_voice.py, and generate_image.py) using subprocess calls to manage the different stages of avatar creation.
  • [EXTERNAL_DOWNLOADS]: The voice design process involves making authenticated POST requests to the ElevenLabs API (api.elevenlabs.io) to generate and download audio samples based on text descriptions.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by incorporating user-provided character descriptions directly into prompts for image and voice generation services.
  • Ingestion points: Character descriptions are accepted via the --description command-line argument in invent_avatar.py and generate_hero.py.
  • Boundary markers: No explicit delimiters are used to separate user-provided text from the system's prompt templates.
  • Capability inventory: The skill can execute local scripts via subprocess, write files to the local directory, and perform network requests to the ElevenLabs API.
  • Sanitization: There is no evidence of input validation or escaping for the user-provided descriptions before they are used in prompt construction.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM