ai-avatar-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to accept and pass arbitrary image_url / audio_url (e.g., in the OmniHuman, Wan, HappyHorse, and Seedance invoke examples) and its Security & Privacy section explicitly warns that reference image/audio URLs are untrusted and can carry embedded instructions, so third‑party content is ingested and can materially influence generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill takes user-supplied asset URLs at runtime (e.g. "https://your-cdn.example/presenter.jpg" and "https://your-cdn.example/voiceover.mp3"), which are fetched and directly influence model generation (allowing prompt-injection via image/text/EXIF or hidden audio) and are required inputs for routes like bytedance/omnihuman and wan-ai/wan-2-7.