ce-riffrec-feedback-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests user-provided, potentially untrusted recordings/notes from arbitrary Riffrec .zip bundles or uploaded media (see scripts/analyze_riffrec_zip.py prepare_source which extracts session.json/events.json and transcribe_media which consumes the media) and then embeds that transcript and extracted frames into the generated review prompt (write_review_prompt), meaning user-generated content is read and used to drive downstream analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The analyzer calls the OpenAI transcription endpoint (https://api.openai.com/v1/audio/transcriptions) at runtime via curl to obtain transcription text that is injected into the generated review_prompt.md and other artifacts (i.e., directly becomes model prompt/input), and the workflow by default relies on that transcription step.