remotion-script-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Codebase Analysis" and "Advanced Features" sections explicitly state it can analyze GitHub repositories (public) and fetch data from APIs, meaning the agent will ingest and interpret untrusted third‑party code/content (public repos and API responses) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly supports analyzing GitHub repositories at runtime (e.g. "https://github.com/username/repo" and the repository URL "https://github.com/yourusername/remotion-script-writer"), which means it may fetch external repo content during execution and inject that code/text into the model context to drive prompt generation—this is a runtime external dependency that can directly control the agent's prompts.