speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent fetching and transcribing audio from arbitrary public URLs (e.g., "https://video.mp4", "https://meeting.mp3") via the inference.sh CLI and then using the resulting transcript in downstream apps (captions), so untrusted third‑party audio content can be ingested and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes remote apps via the infsh CLI (e.g., "infsh app run infsh/fast-whisper-large-v3"), which at runtime executes code hosted on https://inference.sh and is a required external dependency for the skill to function.