heygen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflows explicitly instruct the agent to fetch and ingest arbitrary external content (e.g., the uploadFromUrl flow in references/assets.md that downloads arbitrary HTTPS URLs and the "Pull data — Research the topic: web search, APIs" step in references/prompt-optimizer.md), and that external content is then used to craft Video Agent prompts and video-generation inputs, so untrusted third-party data can directly influence tool use and next actions.