video-generator

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow mandates scraping arbitrary public websites for brand data via Firecrawl (see "Scrape brand data" and scripts/firecrawl.sh) and downloading linked assets (curl of OG_IMAGE_URL/SCREENSHOT_URL), which the agent is instructed to read and use to drive design decisions, so untrusted third-party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The script scripts/firecrawl.sh performs a runtime POST to https://api.firecrawl.dev/v1/scrape and the skill marks the Firecrawl scrape as MANDATORY—its returned brand data is fetched at runtime and directly drives the video's content/design, so this external URL is a required runtime dependency that controls the agent's output.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:24 AM