speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly has the belt CLI fetch and transcribe arbitrary public audio/video URLs (e.g., "audio_url": "https://audio.mp3", "video_url": "https://video.mp4"), and then uses those untrusted transcripts as inputs to downstream apps like caption-videos, so third‑party audio content can be transcribed into instructions that influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes remote apps via the inference.sh platform at runtime (e.g., belt app run infsh/fast-whisper-large-v3 contacting https://inference.sh), which executes remote code and is a required external runtime dependency.