video-generator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's scripts/remotion.sh performs a runtime git clone from https://github.com/remotion-dev/template-empty.git and then runs npm install in that checked-out project, which fetches remote code and can execute arbitrary install/postinstall scripts from that repository, creating an execution risk.