audify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches arbitrary HTTP(S) pages (see scripts/audify.py: fetch_text_from_url and read_resource and the SKILL.md "URL to MP3 bundle" workflow), cleans and then directly uses that untrusted, public webpage content as the transcript sent to Gemini TTS and to drive suitability/chunking decisions, so third-party page content can materially influence synthesis and tool behavior and enable indirect prompt injection despite some sanitization.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). scripts/audify.py fetches user-supplied HTTP/HTTPS resources at runtime (e.g., python3 scripts/audify.py "https://example.com/") via fetch_text_from_url and then injects the fetched text directly into the Gemini prompt for synthesis, so external URL content can directly control prompts.