grok-imagine-prompts

Warn

Audited by Snyk on Apr 23, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly queries the live YouMind API (https://youmind.com/youhome-api/video-prompts) to retrieve community prompts sourced from X/Twitter creators. The SKILL.md workflow requires the agent to read and present those user-generated "content" prompts (and offer customization), so untrusted third-party text can influence the agent's outputs and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script (scripts/search.mjs) POSTs to https://youmind.com/youhome-api/video-prompts to fetch prompt content that is directly presented and used as Grok Imagine prompts, so this external URL controls the prompts at runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 12:36 AM
Issues: 2