telnyx-voice-media-java

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the API accepts arbitrary audio_url values for playback ("Play audio URL" section) and receives webhook events including call.recording.transcription.saved with data.payload.transcription_text, meaning untrusted external audio/URLs and transcriptions from callers are ingested and intended to be processed as part of the webhook workflow.