stitch-remotion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using stitch-mcp-list-projects / stitch-mcp-get-screen to fetch screenshot.downloadUrl and htmlCode.downloadUrl (user-generated Stitch project content) and to parse titles/descriptions and HTML to generate overlays/voiceovers and timing, so untrusted third‑party content is ingested and can materially influence composition and next actions.