elevenlabs-voice-changer

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URLs largely point to a third‑party CLI/service (inference.sh) and a raw GitHub install doc plus media assets — while the media files themselves look benign, the skill instructs users to install and run an external CLI (potentially via shell installer), which is a common malware distribution vector and therefore moderately suspicious unless you trust the inference.sh project and have audited the install script.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill invokes the infsh CLI to run the remote app "elevenlabs/voice-changer" (infsh app run ...), which at runtime contacts and executes the app hosted on https://inference.sh, so https://inference.sh is a runtime dependency that executes remote code.

Issues (2)

  • CRITICAL E005: Suspicious download URL detected in skill instructions.
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 21, 2026, 01:39 AM
Issues: 2