video-inpainting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Invoke section requires a "video_url" input (e.g., the runcomfy CLI example) and the Security & Privacy section explicitly states that "source video URLs are untrusted" and that embedded text/EXIF can influence the edit, showing the agent fetches and interprets arbitrary third-party media that can materially affect its actions.