audio-voice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and loads models from the public HuggingFace repository on first run (see "模型自动下载" in SKILL.md and the DEFAULT_MODEL values in scripts/asr_transcribe.py and tts_speak.py), meaning it ingests third-party user-hosted model artifacts that can influence outputs and subsequent actions.