AudioEditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The pipeline ingests arbitrary user audio files (e.g., from ~/Downloads or user-provided paths), transcribes them, sends the transcript to the Anthropic API in Tools/Analyze.ts as part of the required Clean workflow (Workflows/Clean.md and Pipeline.ts), and then directly uses the LLM's JSON output to drive edits applied by Tools/Edit.ts—so untrusted/user-provided third-party content can indirectly inject instructions that change tool behavior.