speech-to-text

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). Most links are documentation and placeholder media on inference.sh (low intrinsic risk), but the presence of a remote installer (curl -fsSL https://cli.inference.sh | sh / https://cli.inference.sh) — i.e., instructions to fetch and execute a shell script from the network — is a high‑risk pattern because it can be used to deliver malware if the installer or domain is compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and transcribe arbitrary public audio/video via user-supplied "audio_url" and "video_url" inputs (see Quick Start and examples), so it ingests untrusted third-party media that could encode indirect prompt-injection.