elevenlabs-stt

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The set includes a direct .sh installer URL (inference.sh) and a raw GitHub install document that likely points to running a CLI installer (curl|bash-style), both of which are unverified executable-distribution vectors; while the .mp3/.mp4 links are lower-risk by themselves, they can be used as bait or as payload containers, so overall this collection represents a suspicious download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and transcribes arbitrary public audio URLs (e.g., examples like infsh app run elevenlabs/stt --input '{"audio":"https://meeting-recording.mp3"}' in SKILL.md) and then uses those transcripts as inputs in workflows (e.g., feeding the transcript into infsh/caption-videos), meaning untrusted, user-provided audio can be ingested and its interpreted content can drive downstream tool actions.