elevenlabs-stt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and transcribes arbitrary public audio URLs (e.g., examples like infsh app run elevenlabs/stt --input '{"audio":"https://meeting-recording.mp3"}' in SKILL.md) and then uses those transcripts as inputs in workflows (e.g., feeding the transcript into infsh/caption-videos), meaning untrusted, user-provided audio can be ingested and its interpreted content can drive downstream tool actions.