sfd-video-director

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uploads and sends generated media URLs to external services (e.g., VIDJUTSU /v1/watch critic calls and ElevenLabs transcribe/STS endpoints) and directly reads their returned transcripts/scores to auto-accept/reject scenes and drive regeneration or edits (see SKILL.md Step 3 and scripts like scripts/generate-multi-scene.ts and scripts/generate-lofi-b-roll.ts where runCritic/transcribe responses determine next actions), so untrusted third-party content can materially influence the agent's behavior.