elevenlabs-transcribe
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to read the `.env` file in the current working directory to retrieve the `ELEVENLABS_API_KEY`. This sensitive file access is part of the skill's setup instructions and its Python execution logic.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `uv` tool to dynamically download and install the `elevenlabs` and `python-dotenv` packages from PyPI at runtime via inline script metadata. Additionally, the documentation suggests downloading an installation script from `astral.sh` for the `uv` tool.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands, including `grep` to check for environment variables and `uv run` to execute the transcription script located at `~/.claude/skills/elevenlabs-transcribe/scripts/transcribe.py`.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by transcribing external, untrusted audio and video files and returning the resulting text to the agent's context.
  - Ingestion points: Audio or video files provided by the user via the `<audio-file>` argument are ingested by the `transcribe.py` script and sent to an external API.
  - Boundary markers: The transcription results are presented to the agent without clear delimiters or instructions to treat the content as untrusted data, which could lead to the agent following instructions embedded in the audio.
  - Capability inventory: The skill possesses the ability to execute subprocesses (`uv run`), read local files (`.env`, audio files), and perform external network operations via the ElevenLabs SDK.
  - Sanitization: No sanitization or safety filtering is performed on the transcribed text before it is returned to the agent.
Audit Metadata