hume

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's "Start Inference Job from URLs" workflow explicitly shows sending arbitrary public URLs (e.g., "https://example.com/media-file.mp4") to Hume's batch jobs API, meaning the skill ingests untrusted third-party media whose content will be analyzed and can materially influence model outputs and subsequent actions (TTS/EVI), creating a pathway for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime calls to the Hume API (e.g., POST/GET to https://api.hume.ai/v0/evi/prompts) which create and retrieve EVI prompts that directly control agent instructions, and the skill depends on that external content for prompt management.