chough

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md Remote Mode and /transcribe examples explicitly allow submitting a "url" (e.g., POST /transcribe with {"url":"https://..."}), so the tool can fetch and transcribe arbitrary public audio files (untrusted third‑party content) that the agent will read/interpret as part of its workflow and which could contain instructions that influence subsequent behavior.