seedance-2-prompts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches live, community-submitted prompts from the public API at https://youmind.com/youhome-api/video-prompts (see scripts/search.mjs and SKILL.md), and explicitly uses the returned untrusted "content" fields as actionable Seedance 2.0 prompts presented and applied by the agent, allowing third-party text to influence generation behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime script fetches prompts from the live API at https://youmind.com/youhome-api/video-prompts, and the returned "content" is directly used as video-generation prompts/instructions that the skill depends on, so this external URL controls agent prompts at runtime.