speech-to-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running the app on arbitrary public audio/video URLs (e.g., infsh app run ... --input '{"audio_url":"https://audio.mp3"}' and the "Video Subtitles" workflow using the produced transcript), so the agent ingests untrusted third-party audio that it transcribes and then uses in follow-up actions, allowing indirect instruction injection.