use-local-whisper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1 "Check for model file" explicitly instructs downloading a GGML model from Hugging Face (curl "https://huggingface.co/.../ggml-base.bin"), a public third-party model repository, and then runs that downloaded model locally with whisper-cli to produce transcripts that the agent consumes—so untrusted third-party content can influence transcriptions and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs adding and fetching from the remote git repository https://github.com/qwibitai/nanoclaw-whatsapp.git and running git fetch/merge at runtime, which pulls remote code that will be merged into and executed by the agent (modifying src/transcription.ts), so this is a runtime external dependency that can change agent behavior.