Context-Inappropriate Capability
Medium
- Confidence
- 85% confidence
- Finding
- The upload-from-URL example introduces arbitrary server-side fetching of attacker-controlled URLs before re-uploading the content to HeyGen. In an agent or backend context, this can enable SSRF-style behavior, unexpected external access, and transfer of internal or sensitive network resources if the source URL is not tightly restricted.
