telnyx-voice-gather-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted, user-generated caller content via the AI gather endpoints and incoming webhook events (e.g., POST /calls/{call_control_id}/actions/gather_using_ai and webhook payloads like CallAIGatherPartialResults / CallAIGatherEnded which include data.payload.message_history and partial_results), and the agent is expected to read/interpret that content as part of its workflow, so third-party content could influence subsequent actions.