audio-transcribe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill uploads audio to a third‑party ASR (DashScope / qwen3-asr) and explicitly fetches the transcription JSON via requests.get(transcript_url) in scripts/transcribe.py, and SKILL.md states calling agents read the produced .transcript.md for downstream processing — meaning untrusted/user‑provided spoken content and vendor-generated transcripts are ingested and can materially influence agent decisions.