speech-to-text
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires an
ELEVENLABS_API_KEYfor authentication. It follows security best practices by encouraging the use of environment variables rather than hardcoding keys. Inreferences/realtime-client-side.md, it explicitly warns against exposing API keys in client-side code and provides a secure architecture for generating single-use tokens on the backend. - [EXTERNAL_DOWNLOADS]: The skill references official ElevenLabs packages and APIs (e.g.,
api.elevenlabs.io,@elevenlabs/elevenlabs-js). These are verified vendor resources. It also includes examples of streaming audio from external URLs (e.g., NPR streams), which is a legitimate feature for a transcription service. - [DATA_EXFILTRATION]: Audio and video data are transmitted to ElevenLabs' infrastructure for processing. This behavior is documented, expected for the skill's primary purpose, and occurs over secure HTTPS/WSS connections.
Audit Metadata