anycap-media-production

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to ingest external, user-provided content (e.g., "Reference images can be local paths or URLs" and the annotate workflow with session URLs plus "anycap annotate poll" and "anycap actions video-read" that parse human-provided labels/recordings), and those free-text annotations and recordings are translated into prompts that directly drive generation, so untrusted third-party input can materially alter agent actions.