audio-transcriber

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and downloads audio from arbitrary URLs (SKILL.md "Accept file path or URL" Step 1 and examples) and then transcribes and feeds the resulting untrusted transcript into prompt-engineer and LLM CLIs (scripts/transcribe.py handle_prompt_workflow and process_with_llm), so malicious or user-generated audio could contain instructions that indirectly influence LLM prompts and processing.