elevenlabs-tts

SUSPICIOUS. The skill's TTS functionality matches its stated purpose, but it relies on a vendor-controlled external CLI installed via pipe-to-shell, routes requests through inference.sh instead of direct ElevenLabs APIs, forwards authentication to that CLI, grants broad `infsh *` execution, and promotes transitive skill installation. This is not confirmed malware, but the intermediary data flow and trust expansion make the skill medium-to-high risk.