chanjing-content-creation-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the orchestration workflow explicitly instructs the agent to perform web_search and to fetch public images/URLs and trending discussions from short‑video platforms and public webpages (see orchestration/cartoon-video-creation/cartoon-video-creation-SKILL.md Phase 1 and orchestration/cartoon-video-creation/references/image-prompt-guide.md §4 "联网检索图"), and those externally‑sourced, user‑generated contents are read and used to generate story_bible, prompts, ref_img_url and drive downstream decisions (TTS/digital‑person selection and rendering), so untrusted third‑party content can materially influence agent actions.