voice-ai-development

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains code patterns that hardcode or directly pass API keys/secrets (e.g., OPENAI_API_KEY = "sk-...", api_key="...", Authorization: Bearer {OPENAI_API_KEY}, api_key/api_secret for LiveKit), which encourages embedding secret values verbatim into generated requests or code and thus risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-generated transcripts from third-party providers (e.g., Deepgram transcribe_stream and the Vapi webhook's event["transcript"]) and appends those transcripts to conversation_history / feeds them to the LLM and tool-calling logic, so untrusted third-party content can influence agent decisions and actions.