deepgram-multi-env-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime code explicitly fetches and transcribes audio from arbitrary/public URLs (see lib/deepgram-factory.ts transcribe(audioUrl: string) and scripts/validate-env.ts which calls listen.prerecorded.transcribeUrl on https://static.deepgram.com/examples/nasa-podcast.wav), so it ingests external third-party content and interprets it as part of its workflow, which could carry instructions that influence behavior.