Trust Assessment
elevenlabs-speech received a trust score of 29/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 4 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Arbitrary File Write via output_path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send. Function 'transcribe' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/amreahmed/elevenlabs-voice/scripts/elevenlabs_scribe.py:40 |
| HIGH | Potential data exfiltration: file read + network send. Function 'text_to_speech' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/amreahmed/elevenlabs-voice/scripts/elevenlabs_speech.py:47 |
| HIGH | Arbitrary File Write via output_path. The `text_to_speech` method in `ElevenLabsClient` directly uses the `output_path` argument to write the generated audio file to the filesystem. If an AI agent allows untrusted user input to specify or influence this `output_path` without proper sanitization (e.g., restricting to a specific directory, validating filename), an attacker could potentially write files to arbitrary locations on the filesystem. This could lead to overwriting critical system files, planting malicious content, or denial of service. Implement strict validation and sanitization for the `output_path` argument in the calling agent. Restrict file writes to a designated, sandboxed directory that is not accessible to other critical system components. Avoid allowing user-controlled absolute paths or paths containing directory traversal sequences (e.g., `../`). | LLM | scripts/elevenlabs_speech.py:50 |
| HIGH | Arbitrary File Read via audio_file_path. The `transcribe` method in `ElevenLabsScribe` directly uses the `audio_file_path` argument to read an audio file from the filesystem. If an AI agent allows untrusted user input to specify or influence this `audio_file_path` without proper sanitization (e.g., restricting to a specific directory, validating file type), an attacker could potentially read arbitrary files from the filesystem. This could lead to the disclosure of sensitive configuration files, credentials, or other private data, which could then be implicitly exfiltrated to the ElevenLabs API as part of the transcription process. Implement strict validation and sanitization for the `audio_file_path` argument in the calling agent. Restrict file reads to a designated, sandboxed directory. Avoid allowing user-controlled absolute paths or paths containing directory traversal sequences (e.g., `../`). | LLM | scripts/elevenlabs_scribe.py:36 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/amreahmed/elevenlabs-voice/scripts/elevenlabs_scribe.py:1 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/amreahmed/elevenlabs-voice/scripts/elevenlabs_speech.py:1 |