ai-avatar-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly instructs the agent to fetch and ingest arbitrary public URLs (e.g., image_url, audio_url, video_url in the Quick Start and Full Workflow sections such as the infsh app run commands and the transcription step using infsh/fast-whisper-large-v3), meaning untrusted third-party content will be read and interpreted as part of the workflow and could influence subsequent actions.