replicate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation explicitly shows ingesting arbitrary public URLs for images/audio (e.g., "URL Input" and Whisper example with "https://example.com/audio.mp3" and image URL examples) and includes webhook/streaming handlers that read model outputs (prediction results/streamed LLM output) which the agent is expected to process, so untrusted third-party content could indirectly inject instructions that influence subsequent behavior.