game-video-ad-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The generate-video.py script explicitly fetches and parses public Steam store HTML (fetch_url("https://store.steampowered.com/app/{game_id}/?l=english") and extract_steam_media) and downloads public screenshots and uses og:title/og:description as overlay text, so untrusted third‑party web content is ingested and directly affects which assets are fetched and what text is rendered into the output.