pixverse-ai-image-and-video-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflows clearly accept and ingest arbitrary external URLs and template data from the web (e.g., "--image " in capabilities/create-and-edit-image.md and "--image " / URL examples in capabilities/create-video.md, plus template list/search/info and "display_prompt" in capabilities/template.md and workflows/text-to-image-to-video.md), so untrusted third‑party content is fetched/passed to the API and can directly influence generation decisions and subsequent tool actions.