storyboard-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts and displays arbitrary external image/video URLs (e.g., reference_image_ids used in draw_one_image/draw_one_video, and shot.image_url / shot.video_url rendered and opened in the HTML) and even uses public placeholder images (https://picsum.photos), so it clearly ingests untrusted third‑party content as part of its runtime workflow.