voice-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (SKILL.md and scripts/asr.py) fetch and ingest audio from untrusted third-party sources—explicitly via arbitrary audio URLs and by downloading Feishu file_keys—and then convert that user-generated speech into text which the agent is instructed to treat as the user's message and act on, allowing spoken instructions from external sources to influence agent behavior.