lightx2v

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary HTTP(S) URLs for input_image/input_audio/input_video (see payload_image/payload_audio in scripts/lightx2v_submit_and_poll.sh) and calls external endpoints (e.g., GET /api/v1/model/list and /api/v1/voices/list in SKILL.md and scripts). Untrusted, user-provided web content is therefore ingested and can materially influence model selection and generated outputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 06:38 AM