heygen-avatar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs fetching and ingesting public web content and user-provided URLs (e.g., references/asset-routing.md: "URLs: Use web_fetch to retrieve publicly accessible content" and avatar/photo file types allowing "type: url") and then uses that content to contextualize scripts and assets—behavior that lets untrusted third-party/user-generated content influence API calls and agent actions.