editframe-vite-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The plugin documentation (references/local-assets.md and references/jit-transcoding.md) explicitly accepts http/https src/url parameters and fetches remote files server-side (including passing remote URLs to ffprobe and generating captions), so arbitrary third-party content is ingested and processed and could therefore influence subsequent behavior.