heygen-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly downloads and uses third-party content (e.g., the uploadFromUrl(sourceUrl, ...) flow in rules/assets.md and the avatar preview/open URLs in rules/avatars.md), meaning untrusted or user-provided web resources are fetched and presented/used by the agent as part of its workflow, which could enable indirect prompt injection.