video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and publishes arbitrary public HTTP(S) resources (see skills/video/publish_asset.py's publish_from_url and SKILL.md §2 which instructs using a public URL under the fal-assets preview) and then passes those untrusted, user-provided web-hosted assets as image_url inputs to generate_video, allowing third-party content to directly influence model outputs and downstream actions.