videoagent-video-studio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required image-to-video workflow (SKILL.md "Image-to-video" step and the CLI/tools/generate.js --image-url parameter) and the proxy (proxy/models.js and calling_guide.md) explicitly accept and forward arbitrary public image/video URLs (image_urls/video_url) to the backend, so untrusted third‑party content is ingested and can materially influence generation behavior.