elevenlabs-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 4: "Add Knowledge Base (RAG)" in SKILL.md) explicitly ingests web URLs and uploaded documents and the agent "automatically searches knowledge base during conversation" (plus webhook tool examples like "https://api.weather.com"), so untrusted third‑party content is fetched and used to influence agent decisions and tool calls.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The widget embed template includes a runtime-loaded external script that executes remote code and controls the agent UI: https://elevenlabs.io/convai-widget/index.js, which is required for the widget to function and therefore poses a runtime dependency.