TTS

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly ingests arbitrary user-provided text (e.g., the Next.js POST handler that reads req.json() and the Express /api/tts endpoint that reads req.body.text) and feeds it into the TTS pipeline, so it consumes untrusted third-party/user-generated content as part of its workflow.