elevenlabs-voice-changer

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs include an unfamiliar .sh CLI domain (inference.sh) that may ask you to run shell installers and several highly suspicious "filename-as-domain" .mp3 hostnames (e.g., recording.mp3, actor-line1.mp3) that are not standard trusted hosts and could easily be used to serve or mask malicious payloads even though a raw.githubusercontent.com doc and a cloud.inference.sh image look safer — overall this mix suggests a moderate-to-high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the inference.sh platform via the infsh CLI to run the remote app "elevenlabs/voice-changer" (https://inference.sh), which at runtime fetches and executes remote app code that the skill depends on.