alibabacloud-bailian-voice-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's speech_recognition workflows (scripts/speech_recognition.py) explicitly accept and fetch publicly accessible audio URLs (file_urls) — submitting them to Transcription.async_call / POST, downloading the transcription JSON from transcription_url, and parsing transcripts[].text — which clearly ingests untrusted third-party user content that could contain instructions affecting subsequent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs system-level changes (e.g., "sudo apt install ffmpeg"), CLI configuration changes like enabling AI-mode and creating/deleting API keys that modify ~/.aliyun/config.json, and automated API-key creation—actions that alter the machine/user environment and may require elevated privileges.