ugc-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required runtime workflow explicitly WebFetches the user-supplied product URL (Step 1) and captures a website screenshot (Step 3), then uses that untrusted public page content and image (@Image2) to auto-detect category/language and to compose the multi-beat prompt that drives generate_reference_video, meaning arbitrary third‑party pages can influence agent actions and prompts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires a user-supplied product URL (e.g., https://pika.me) that is WebFetched at runtime and whose page content (product name, value prop, category, and detected language) is directly used to compose the multi-beat prompt passed to the generator, so remote content can directly control agent prompts.