discord-voice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The plugin transcribes arbitrary user speech from Discord voice channels (via STT providers like Whisper/Deepgram or remote Wyoming) and sends that untrusted, user-generated text directly into the embedded agent (see SKILL.md "Transcribed speech is routed through the Clawdbot agent" and index.ts handleTranscript which calls runEmbeddedPiAgent with the transcript and grants the agent tool access), so third-party content can materially influence tool use and actions.