voice-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted user-generated speech from external transports/rooms (e.g., LiveKit rooms and Daily.co/WebSocket transports shown in SKILL.md and references/*.md) via STT and forwards those transcripts to the LLM in on_message/pipeline flows, so third-party content can directly influence agent actions.