framevideo-registry
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). At runtime, the required workflow for
framevideo addinstalls and the user wires the resulting block HTML viadata-composition-src(e.g.,compositions/<name>.html), which is outsider-authored content fetched from the public registry and then loaded/read as HTML/JS/CSS by the FrameVideo runtime into the agent’s LLM context (indirectly via the installed snippet text).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata