qwen-tts-voice-cloning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md data-collection step explicitly instructs using yt-dlp to download audio from arbitrary YouTube URLs (public/user-generated), and those downloaded files and transcripts are then transcribed (split.py), prepared (prepare_data.py) and used as training/evaluation inputs (train.py / check.py), so untrusted third‑party content is ingested and can materially influence training and subsequent tool behavior.