remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and downloads third-party Stitch content (e.g., screenshot.downloadUrl and htmlCode.downloadUrl via web_fetch/curl) and instructs the agent to parse HTML and extract text for automatic callouts/voiceover, meaning untrusted user-provided content from Stitch can be read and used to influence composition decisions and next actions.