klingai-image-to-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly accepts arbitrary public URLs for "image", "image_tail", "static_mask", and "dynamic_masks" (mask URLs) and a callback_url and thus ingests untrusted third‑party content (public images/masks) that the image-to-video model will interpret as part of its workflow, enabling indirect injection-like influence on generation.