Video Generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill (SKILL.md and the Express.js /api/video/create handler) accepts image_url values that can be arbitrary public URLs and passes them directly to zai.video.generations.create, meaning the system can fetch and ingest untrusted third‑party web content which may materially influence generation behavior.