video-generate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly allows an arbitrary input image "path or URL" via the --in option and sends that content to external providers (fal/replicate) for processing, meaning the agent will fetch and interpret untrusted, third‑party web-hosted images as part of its workflow which could materially influence generation.