editor-overlay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required "videoUrl" parameter (see SKILL.md Parameters and Pipeline Integration) means the service ingests arbitrary public/user-provided videos—and the pipeline explicitly calls a captions/transcription step on the overlaid video—so untrusted third-party content is read/interpreted and could influence downstream actions.