create-anime-lifehack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts/fal.ts explicitly fetch and save arbitrary HTTP(S) URLs (download command and downloadFile/downloadResults used for fal.subscribe outputs), which ingests untrusted public media/URLs returned from endpoints or provided by users and then uses those files in the video-generation workflow, exposing the agent to third-party content that could carry indirect prompt-injection vectors.