remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes multiple examples that fetch and consume arbitrary external URLs (e.g., calculate-metadata’s fetch(props.dataUrl), the Lottie example fetch('https://assets4.lottiefiles.com/...'), and the repeated support for remote Img/Video/Audio/AnimatedImage/UrlSource in mediabunny), which clearly ingests untrusted third‑party content that the agent would read/interpret as part of its workflow.