critic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md defines a POST /v1/watch endpoint that accepts a mediaUrl ([MEDIA_URL]) and requires the agent to analyze external videos/images (quality check, verification, deep analysis) and act on those results (pass/fail, regenerate, change prompts/models), so arbitrary public media supplied via the mediaUrl can provide untrusted content that materially influences behavior.