seedance-20

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires ingesting user-provided @Image/@Video/@Audio references as part of its core workflows (see references/reference-workflow.md and the I2V/ @reference guidance in references/i2v-guide.md and multiple SKILL.md files), so arbitrary third-party/user-generated media are read and directly used to drive generation and tool actions, exposing the agent to untrusted content that could carry indirect prompt-injection instructions.