editframe-composition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports loading arbitrary remote assets and JSON data — for example ef-captions' captions-src (references/captions.md), ef-video/ef-audio src with remote URLs (references/getting-started.md and references/configuration.md), and injected renderData/read via useRenderData (references/cloud-render.md) — so untrusted third‑party content can be fetched and directly influence rendering behavior and data-driven logic.