website-to-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Step 0’s runtime capture pipeline (npx hyperframes capture <URL>) fetches arbitrary public web pages and extracts readable text/assets (e.g., capture/extracted/visible-text.txt, asset-descriptions.md) that are then read by later steps and can be pasted into the agent’s LLM context for brand/script/story decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly loads remote JS libraries at runtime (e.g., GSAP via https://cdn.jsdelivr.net/npm/gsap@3.14.2/dist/gsap.min.js, Three.js via https://cdn.jsdelivr.net/npm/three@0.181.2/+esm, and Anime.js via the described animejs CDN) which will fetch and execute third‑party code as part of the composition/runtime and are referenced as required runtime adapters.