byted-las-asr-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary http/https (and tos://) audio URLs (see SKILL.md examples and scripts/skill.py --audio-url handling and _validate_url/submit_task) and sends them to the operator /submit endpoint and later reads the transcription from /poll, so untrusted, user-provided audio (and its transcribed text) is ingested and returned as part of the workflow and could contain instructions that influence subsequent actions.