speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting audio from arbitrary public URLs (e.g., realtime.connect with url and cloud_storage_url in references/realtime-server-side.md and SKILL.md, including the example streaming https://npr-ice.streamguys1.com/live.mp3), producing transcripts that the docs say are used as a "source of truth" for application logic—so untrusted third-party content is read and can materially influence application behavior.