velt-recorder-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and process user-generated recordings, asset URLs, and AI transcriptions from Velt's APIs and webhook payloads (see SKILL.md / AGENTS.full.md sections "3. Data Management" and "1.2 Handle the recorder.done Webhook Event" which show fetchRecordings/getRecordings and processing recorder.done payloads), exposing the agent to untrusted third-party content that could contain indirect prompt-injection.