together-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests arbitrary public URLs as inputs (see SKILL.md's "Image-to-Video (Keyframes)" and reference_images examples) and scripts/generate_video.py calls requests.get(image_url) and encodes external images for video generation, so untrusted third‑party content is fetched and directly influences generation behavior.