claude-typer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly renders a remote Remotion composition from the public URL https://www.laosunwendao.com (see SKILL.md "Render remote composition Typer30fps from https://www.laosunwendao.com" and SERVE_URL in scripts/render_claude_typer.py), so it fetches and executes untrusted third‑party content that can affect runtime behavior and tooling.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill defaults to using the remote Remotion serve URL https://www.laosunwendao.com at runtime to load the Typer30fps composition, meaning external code and composition data are fetched and executed by Remotion and directly determine how the provided prompt is rendered.