build-video-editor
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow fetches public web content at runtime from https://banuba.com/ve-pe-sdk/llms-full.txt (outsider-authored documentation page), which is then searched and used to generate responses; this fetched free text is ingested into the agent's LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching and using the remote LLM-optimized documentation at https://banuba.com/ve-pe-sdk/llms-full.txt at runtime (and also clones required sample code from repositories such as https://github.com/Banuba/ve-sdk-android-integration-sample, https://github.com/Banuba/ve-sdk-ios-integration-sample, https://github.com/Banuba/ve-sdk-flutter-integration-sample, and https://github.com/Banuba/ve-sdk-react-native-cli-integration-sample), and those fetched files directly control the agent's prompts/instructions and provide required remote code.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata