faceswap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md requires supplying arbitrary public URLs (input.source_image_url, input.target_video_url, and the audio_url in the chain example) that HeyGen will fetch and ingest as part of the workflow, meaning untrusted third-party media are read/processed and can influence subsequent actions.