heygen-avatars

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads arbitrary external URLs in rules/assets.md ("Uploading from URL" uses fetch(sourceUrl) to pull a file and then upload it), so the agent can ingest untrusted third-party content from arbitrary URLs as part of its workflow.