elevenlabs-stt

Fail

Audited by Snyk on Jun 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Several entries are nonstandard domain names that look like placeholder or dubious file-hosts (e.g., meeting-recording.mp3, audio.mp3, video.mp4) which are suspicious and could serve malware, while inference.sh and the raw.githubusercontent.com link look like legitimate project resources—no direct executables are present but the numerous unknown/placeholder hosts raise moderate-to-high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow uses belt app run elevenlabs/stt with an audio URL (e.g., https://.../video.mp4), and the CLI will fetch/read that outsider-provided media and convert it into LLM-ingestible transcript text (outsider-authored content via public/remote URL ingestion).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 22, 2026, 04:46 PM
Issues
2