chanjing-text-to-digital-person

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly polls the public Chanjing API (e.g., poll_photo_task.py, and get_photo_task in _task_api.py) and consumes the returned output_url values, which are then used as inputs to follow-up actions: they are passed to create_motion_task.py as photo_path and optionally fetched by download_result.py. It also accepts arbitrary external photo URLs in create_lora_task.py. As a result, untrusted third-party URLs and content can be fetched and can materially drive subsequent tool calls.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 07:35 PM
Issues: 1