byted-mediakit-voiceover-editing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Step 3 (pipeline_url_to_asr.py) explicitly accepts arbitrary http/https URLs (SKILL.md and references/执行步骤/3. URL到ASR流水线与候选生成.md), fetches public media, and the Agent must read the resulting ASR outputs in Step 4/5 to make editing/export decisions, so untrusted third-party content can directly influence tool actions.