telnyx-voice-media-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the API can fetch/play arbitrary audio via the audio_url parameter (Play audio URL /calls/{call_control_id}/actions/playback_start) and delivers user-generated transcriptions in the webhook event call.recording.transcription.saved (data.payload.transcription_text), so the skill ingests untrusted external content that could contain instructions affecting subsequent actions.