voice-ai-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted user-generated content (real-time audio and transcripts) as part of its workflow — e.g., Deepgram transcribe_stream, Vapi webhook saving event["transcript"], and LiveKit on_track handling incoming audio — and feeds those transcripts into the LLM to generate responses, enabling indirect prompt injection.