audio-transcription

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and ingests untrusted public media (e.g., download_videos_from_manifest_with_ytdlp.mjs uses item.sourceUrl to download arbitrary web videos and _shared.mjs's resolveProviderMediaInput/downloadProviderOutputs accept and fetch https URLs), and those third‑party audio/video contents are transcribed as part of the required workflow (transcribe_audio.mjs / poll_transcription.mjs), so external content can influence downstream outputs/actions (e.g., subtitle-packager) and thus enable indirect prompt injection.