voice-batch-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required runtime flow (see scripts/clone_voice_take.mjs and the normalized request in references/tool-contracts.md) accepts a referenceAudioUrl and submits it to the hosted voice-clone endpoint (voice-qwen3-clone), causing the system/hosted provider to fetch and interpret arbitrary external audio URLs (public/user-provided), which can materially influence generation and downstream actions.