speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports streaming and transcribing audio from arbitrary public URLs (see references/realtime-server-side.md "Stream from URL" with url="https://npr-ice.streamguys1.com/live.mp3" and realtime.connect/stream_url examples), so the agent ingests untrusted third-party audio/web content which it must read and interpret as part of its workflow, enabling indirect prompt injection via spoken instructions in those sources.