video-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests arbitrary remote resources (e.g., rules/calculate-metadata.md shows calculateMetadata calling fetch(props.dataUrl), rules/get-video-duration.md and get-video-dimensions.md use Mediabunny UrlSource for external URLs, and rules/assets.md/images.md/lottie.md permit remote image/video/Lottie URLs), meaning untrusted, user-provided web content can be loaded and used to determine props, durations, or rendering behavior and therefore could indirectly inject instructions.