speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s documentation and workflow explicitly allow ingesting remote, public media (e.g., the source_url / cloud_storage_url parameters in references/transcription-options.md and examples using stream_url/Realtime connect with external URLs in SKILL.md and references/realtime-server-side.md), meaning the agent will fetch and transcribe untrusted third-party audio/video (YouTube/TikTok/arbitrary HTTPS URLs), which could contain instructions that materially influence subsequent behavior.