tavus-cvi-interactions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill listens for and processes arbitrary participant-generated app-message events via Daily.js (e.g., call.on('app-message') delivering conversation.utterance and conversation.perception_analysis), so it ingests untrusted user content that the agent will read/interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime tag that loads and executes third-party JavaScript from https://unpkg.com/@daily-co/daily-js, which provides the APIs used to send and control conversation interactions (i.e., executes remote code and is a required dependency).