happyhorse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows required input fields that accept external URLs for images and videos (e.g., "first_frame": "https://your-image.jpg", "reference_images": ["https://portrait.jpg"], "video": "https://your-video.mp4"), indicating the agent will fetch and interpret arbitrary third‑party content which can materially influence generation/editing behavior.