remotion
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's rules include a calculateMetadata example (rules/compositions.md) that calls fetch(props.dataUrl) and feeds the fetched JSON into the composition's props and duration; other rules (e.g., lottie and import-srt-captions) also fetch remote assets. Arbitrary public URLs can therefore be ingested at runtime and materially influence rendering behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The transcribe-captions rule (see https://www.remotion.dev/docs/install-whisper-cpp) calls installWhisperCpp and downloadWhisperModel at runtime to fetch whisper.cpp and model files, which are then executed for transcription. The skill therefore requires runtime downloads that execute remote code.
Audit Metadata