elevenlabs-voice-isolator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs using arbitrary public audio URLs (e.g., infsh app run elevenlabs/voice-isolator --input '{"audio": "https://noisy-recording.mp3"}') and even shows a "Clean → Transcribe" workflow, so untrusted third‑party audio is fetched and transcribed (read/interpreted) and could contain instructions that materially influence downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and invokes the inference.sh service at runtime (e.g., via "infsh app run elevenlabs/voice-isolator" and the referenced https://inference.sh), which fetches and executes remote app code on that platform, so it depends on external code execution.