remotion-beautiful-videos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory "Step 1: Scrape Brand Data" explicitly uses bb-browser/curl/ffmpeg to open and extract CSS variables, hero copy, logo SVGs and media from arbitrary brand URLs (and Step 3.5 auto‑sources music from Pixabay), and those scraped, untrusted third‑party assets are then injected into theme.ts, scene construction, beat‑sync and rendering decisions—so external web content can materially influence the agent's actions.