jianying-video-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill automates browsing of the public site https://xyq.jianying.com (see SKILL.md and scripts/jianying_worker.py) and explicitly reads page HTML and network responses (page.content(), page.on('response' sniff_thread, and page.evaluate that extracts thread_id and mp4 URLs from the thread detail page), meaning untrusted third‑party page content is ingested and used to drive navigation and downloads.