telnyx-voice-gather-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted, user-generated content — e.g., caller speech and message_history delivered in webhooks like CallAIGatherMessageHistoryUpdated / CallAIGatherPartialResults and AI gather results (shown in the SKILL.md Webhooks and Gather/GatherUsingAI/GatherUsingAudio sections), and it can fetch arbitrary audio via audio_url for calls, all of which the assistant is expected to read/interpret and can influence subsequent actions.