evolink-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts and fetches arbitrary external URLs as reference files (see "File Upload" in SKILL.md and references/api-params.md, the curl upload-from-URL example, and scripts/evolink-video-gen.sh's --image option), so untrusted public content is ingested and used as input that the agent reads/interprets to drive video-generation actions, creating a clear avenue for indirect prompt injection.