alicloud-ai-audio-asr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary public audio URLs in the normalized interface and in scripts (SKILL.md and scripts/transcribe_audio.py) and fetches/ingests those remote audio files and any returned transcription JSON (via _fetch_json_url and _normalize_text), meaning untrusted third-party content can be converted to text that the agent will read and use in its workflow (e.g., influencing outputs or actions).