asr-sentence-recognition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary public http/https audio URLs (see routing_strategy.md and SKILL.md which direct the agent to run file_recognize.py rec "<PUBLIC_URL>") and downloads/transcribes that untrusted third‑party content (e.g., flash_recognize.py's download_url), and those transcripts are then used by the agent for summaries/actions—so external content can materially influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script ensure_ffmpeg.py constructs and may execute a runtime install of an RPM from https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-{rhel_major}.noarch.rpm (used in dnf/yum repo fallback), which fetches remote package content that the installer will run on the host—so this URL is fetched at runtime and can result in executing remote code as part of a required ffmpeg provisioning step.