blitzreels-video-editing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests media from arbitrary URLs (scripts/editor.sh upload-url / POST /projects/{id}/media) and supports YouTube import (POST /workspace/media/import/youtube) and then transcribes and fetches word-level transcripts via the context endpoint (?mode=transcript), so untrusted public/user-generated content from the web is read and used to drive editing decisions and tool actions.