remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly downloads and parses Stitch project assets (e.g., screenshot.downloadUrl and htmlCode.downloadUrl using web_fetch/curl) and extracts text from arbitrary Stitch HTML to generate annotations, voiceover scripts, and manifest-driven composition decisions, which means untrusted/user-generated third-party content is read and can materially change the agent's actions.