remotion-synced-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required image-search workflow (e.g., scripts/search_images.js and numerous crawl_* scripts including scripts/lib/crawl_google_images.py and crawl_google_playwright.js) explicitly opens and scrapes public sites such as Google Images, Bing, DuckDuckGo and Unsplash via agent-browser/Playwright to extract URLs and HTML which the agent must parse and act on (downloading and selecting images), exposing it to untrusted third‑party content that can influence subsequent tool actions.