byted-mediakit-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches arbitrary http/https resources (e.g., SKILL.md and reference/understand_video_content.md require video_url; reference/image_to_video.md, concat_media_segments.md, mux_audio_video.md accept image_url/sources/audio_url), and the implementation both sends those URLs to the cloud model for "understand_video_content" (scripts/amk_client/api_request.py) and downloads them locally via _url_to_local in scripts/local_ffmpeg_tool.py, meaning untrusted third‑party content is ingested and can materially influence model responses and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The local fallback downloads and extracts a remote FFmpeg binary at runtime from https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz and then executes that binary, so the skill fetches and runs remote code during execution.