fluidaudio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly auto-downloads and loads models from public HuggingFace repositories (see "Models auto-download from HuggingFace" in references/infrastructure.md and the Quick Start) and allows redirecting the model registry URL (ModelRegistry.baseURL), meaning untrusted third-party model files from the open web are fetched and then directly influence ASR/diarization/TTS outputs used at runtime.