handsfree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context via the runtime dictation path: say-listen.sh arms Wispr (open -g wispr-flow://start-hands-free), and the dictated transcript (authored by the user’s spoken words, i.e., not the operating user’s chosen prompt text) is pasted into the caller’s prompt and then sent to the agent’s LLM.