talktomepy-tts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill and docs explicitly allow configuring a non-local TALKTOMEPY_BASE_URL/--base-url (SKILL.md and README) and the runtime script scripts/speak_with_talktomepy.sh fetches and parses /model/status JSON (loaded/ready/detail/load_error) and /synthesize HTTP headers (Retry-After) to decide retries/waits and control flow, so untrusted remote responses could materially influence behavior.