remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 2 "Screen metadata fetch" and the "Dynamic Text Extraction" section) instructs the agent to fetch and download Stitch assets (screenshot.downloadUrl and htmlCode.downloadUrl) — including via web_fetch/curl and scripts/download-stitch-asset.sh — and to parse HTML/text from those user-provided Stitch projects to generate annotations and drive composition, which exposes the agent to untrusted, user-generated third‑party content that can influence subsequent actions.