remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly lists and downloads assets and HTML from Stitch project URLs (e.g., SKILL.md "Screen metadata fetch" steps referencing screenshot.downloadUrl and htmlCode.downloadUrl, the "Dynamic Text Extraction" section, and scripts/download-stitch-asset.sh), then parses that user-generated content to generate annotations and drive composition decisions, so untrusted third-party content can influence agent behavior.