guided-explainer-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and extract brand signals from a user-provided live URL ("If the user provided a URL ... fetch that URL and extract the same brand signals from the live site" in STEP 3), meaning untrusted third‑party web content is read and used to drive creative and rendering decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse the user-provided URL at runtime (Step 3: "If the user provided a URL, fetch that URL and extract...") and to use that fetched site content to construct the brand profile which directly controls the generated creative specification, so the user-provided URL (the site fetched in Step 3) is a runtime external dependency that can steer prompts.