avatar-invent
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates its workflow by executing internal scripts and sibling skill scripts (such as
generate_angles.py,clone_voice.py, andgenerate_image.py) using subprocess calls to manage the different stages of avatar creation. - [EXTERNAL_DOWNLOADS]: The voice design process involves making authenticated POST requests to the ElevenLabs API (
api.elevenlabs.io) to generate and download audio samples based on text descriptions. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by incorporating user-provided character descriptions directly into prompts for image and voice generation services.
- Ingestion points: Character descriptions are accepted via the
--descriptioncommand-line argument ininvent_avatar.pyandgenerate_hero.py. - Boundary markers: No explicit delimiters are used to separate user-provided text from the system's prompt templates.
- Capability inventory: The skill can execute local scripts via subprocess, write files to the local directory, and perform network requests to the ElevenLabs API.
- Sanitization: There is no evidence of input validation or escaping for the user-provided descriptions before they are used in prompt construction.
Audit Metadata