video-batch-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill sends requests to and ingests responses from open third-party media endpoints (e.g., ARK_API_BASE "https://ark.cn-beijing.volces.com" used in scripts/_shared.mjs and the hosted-media endpoints used by scripts/generate_video_from_image_audio.mjs and scripts/poll_prediction.mjs) and includes a downloader that fetches arbitrary public video URLs (scripts/download_videos_from_manifest_with_ytdlp.mjs), and those external responses/URLs are parsed and acted on (status, outputs, content, downloads) as part of the required workflow.