narrator-ai-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports importing arbitrary external URLs and user files (e.g., "narrator-ai-cli file transfer --link """ and file upload/transfer in references/resources.md and workflows.md) and requires the agent to read and use those uploaded SRT/video files as inputs (episodes_data / confirmed_movie_json) that directly influence task creation and downstream actions, so untrusted third‑party content can alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent/CLI to call the external API (e.g. curl and many narrator-ai-cli commands) at runtime to https://openapi.jieshuo.cn to fetch template schemas and generated scripts which the agent then uses to build/submit parameters and content, so this external URL can directly control agent instructions and is a required runtime dependency.