director

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires a character.json with a referenceSheet.url and instructs the director-frame-gen step to generate frames "using the character reference sheet," which implies fetching and interpreting arbitrary user-provided/public URLs that could contain untrusted third-party content affecting generation decisions.