@554/video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and ingests arbitrary public URLs (publish_from_url in skills/video/publish_asset.py and the image_url parameter accepted/required by generate_video and documented in SKILL.md §2), meaning untrusted user-generated web content can be fed into the generation workflow and materially influence model behavior.