speech-to-text

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes official client libraries from the ElevenLabs organization, including the @elevenlabs/elevenlabs-js and @elevenlabs/react packages from NPM, and the elevenlabs package from PyPI.
  • [DATA_EXFILTRATION]: Audio and video content is transmitted to ElevenLabs' official API endpoint (api.elevenlabs.io) for transcription. This behavior is consistent with the skill's primary stated purpose and uses established service domains.
  • [COMMAND_EXECUTION]: Provides standard administrative commands for dependency installation (npm install, pip install) and functional testing using curl to interact with the API.
  • [CREDENTIALS_UNSAFE]: The documentation correctly identifies the need for an ELEVENLABS_API_KEY and explicitly recommends managing it through environment variables rather than hardcoding. It also correctly warns against exposing the API key in client-side code, suggesting a secure token-based backend approach instead.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — speech-to-text