elevenlabs-stt
Fail
Audited by Snyk on Jun 22, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Several entries are nonstandard domain names that look like placeholder or dubious file-hosts (e.g., meeting-recording.mp3, audio.mp3, video.mp4) which are suspicious and could serve malware, while inference.sh and the raw.githubusercontent.com link look like legitimate project resources—no direct executables are present but the numerous unknown/placeholder hosts raise moderate-to-high risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow uses
belt app run elevenlabs/sttwith anaudioURL (e.g.,https://.../video.mp4), and the CLI will fetch/read that outsider-provided media and convert it into LLM-ingestible transcript text (outsider-authored content via public/remote URL ingestion).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata