minimax

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly allows providing a public URL for first_frame_image in section "10. Image-to-Video (I2V)" (e.g., "first_frame_image": "https://example.com/image.jpg"), meaning the service will ingest arbitrary third‑party web content that can materially influence generation outputs and thus could enable indirect prompt injection.