heygen-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze publicly accessible URLs (references/asset-routing.md: "URLs: Use web_fetch to retrieve publicly accessible content") and to bake that untrusted web/page content into prompts and scripts (SKILL.md and asset-routing.md), which the agent then uses to build generation payloads and drive subsequent tool actions—allowing third-party page content to materially influence behavior.