telnyx-webrtc-client-flutter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill parses and acts on remote, untrusted user-provided data — e.g., FCM background handler (RemoteMessage.message.data) and APNS PushKit payloads (payload.dictionaryPayload["metadata"]) as well as on-call transcripts via telnyxClient.onTranscriptUpdate — and uses that data to drive call handling and call-accept/handlePushNotification flows, so third-party content can materially influence agent behavior.