qwen3-tts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary URLs as inputs for ref_audio in generate_voice_clone and for audio in Qwen3TTSTokenizer.encode (see references/api_reference.md and examples showing "ref_audio: Path, URL" and "encode(... accepts path, URL, numpy array)"), so the agent can fetch and process untrusted public web content as part of its workflow.