telnyx-voice-media-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows the Call Control API accepts arbitrary audio URLs (audio_url in "Play audio URL") and emits webhook events including call.recording.transcription.saved with transcription_text, meaning untrusted, user-provided media and transcribed text from public/third‑party sources can be ingested and used at runtime (webhooks) to influence behavior.