elevenlabs-stt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to fetch and transcribe arbitrary public audio URLs (e.g., belt app run elevenlabs/stt --input '{"audio":"https://meeting-recording.mp3"}' and the "Workflow: Video Subtitles" step that pipes transcripts into infsh/caption-videos), so untrusted third‑party audio is ingested, transcribed to text the agent reads, and then used to drive downstream actions.