giggle-generation-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the public giggle.pro API (scripts/generation_api.py: query_task/text-to-video/image-to-video), accepts arbitrary start-frame URLs (url:), and SKILL.md explicitly instructs the agent to forward exec stdout/results as-is and use the API response (status, links, or error messages) to decide next actions, so untrusted third-party content is ingested and can influence workflow.