talking-head-production

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows runtime workflows that accept and fetch arbitrary public URLs for images/audio/video (e.g., "image": "https://portrait.jpg", "audio": "https://speech.mp3", "video_url": "https://original-video.mp4") which the agent ingests and processes (transcribe/translate/generate), so untrusted third‑party content can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly depends on and invokes remote apps via the inference.sh CLI (https://inference.sh — e.g., running pruna/p-video-avatar with belt app run), which executes remote code at runtime and is required for the skill to function.