opusclip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill (SKILL.md and scripts/opusclip) accepts arbitrary public video URLs (YouTube, Vimeo, Twitch, etc.) when creating projects and explicitly fetches/exportable clip data via the API (GET /exportable-clips used in cmd_describe and cmd_preview) returning titles, descriptions, transcripts and preview URLs that the agent is instructed to read and use (e.g., show summaries, understand transcripts, suggest layout changes), so untrusted, user-generated third‑party content can be ingested and could materially influence actions.