remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill automatically clones a public GitHub repo (git clone https://github.com/Ceeon/remotion-skill.git and runs npm install) and then reads and uses the repository's 案例库/ .tsx templates (and other fetched files) as part of its template-matching and rendering workflow, which means it ingests external, potentially untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill will run a runtime git clone of https://github.com/Ceeon/remotion-skill.git (if the skills/remotion directory is missing), which pulls remote code that is installed and executed as part of rendering—i.e., fetching and running remote code at runtime and serving as a required dependency.