qwencloud-video-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and passes through arbitrary http/https URLs in request fields (e.g., img_url, reference_urls, audio_url, video_url / RESOLVE_KEYS in scripts/video_lib.py and the SKILL.md examples), and resolve_request_urls / payload builders send those untrusted third-party resources to the video API (and may download outputs), so external, user-provided content is ingested and can materially influence generation and subsequent agent actions.