Video Ad Script Writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly requires fetching user-provided URLs with "WebFetch" and running public WebSearch queries (e.g., "WebSearch: '[Product/Brand]' video ad") to extract product descriptions, testimonials, social/media content and competitor positioning that the agent then reads and uses to generate ad scripts, so it ingests untrusted public third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs WebFetch on the user-provided product URL at runtime (the "URL" passed as input, e.g., https://) and uses the fetched page content to populate the Video Brief and drive the model prompts, so external content directly controls agent instructions.