seedance-submitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary public URLs for referenceImages/referenceVideos (see references/request-json.md and video-batch-runner references) and contains runtime code that downloads external media (download_videos_from_manifest_with_ytdlp.mjs and hosted_media_generation_bridge.downloadHostedMediaFile), so untrusted, user-provided web content is ingested and can directly influence promptPlan and provider requests used to drive subsequent generation actions.