speech-to-text
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes official client libraries from the ElevenLabs organization, including the
@elevenlabs/elevenlabs-jsand@elevenlabs/reactpackages from NPM, and theelevenlabspackage from PyPI. - [DATA_EXFILTRATION]: Audio and video content is transmitted to ElevenLabs' official API endpoint (
api.elevenlabs.io) for transcription. This behavior is consistent with the skill's primary stated purpose and uses established service domains. - [COMMAND_EXECUTION]: Provides standard administrative commands for dependency installation (
npm install,pip install) and functional testing usingcurlto interact with the API. - [CREDENTIALS_UNSAFE]: The documentation correctly identifies the need for an
ELEVENLABS_API_KEYand explicitly recommends managing it through environment variables rather than hardcoding. It also correctly warns against exposing the API key in client-side code, suggesting a secure token-based backend approach instead.
Audit Metadata