elevenlabs-agents
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly accepts and indexes third-party "web URLs" into the knowledge base and states in SKILL.md Step 3 (and the Knowledge Base / RAG endpoints in references/api-reference.md) that the agent "automatically searches" that knowledge base during conversations, so untrusted public web content can be ingested and directly influence agent responses and tool-routing decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The widget embed template loads and executes remote JavaScript at runtime from https://elevenlabs.io/convai-widget/index.js, which runs code in the page and controls the agent/widget behavior, making it a required runtime dependency.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).