wjs-burning-subtitles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's run-time workflow (SKILL.md and scripts/render.py) explicitly auto-downloads and executes a static ffmpeg build from the public site https://evermeet.cx (see EVERMEET_URL and fetch_static_ffmpeg), meaning it fetches and uses untrusted third‑party content that directly influences which tool/binary is run and the subsequent rendering behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script auto-downloads and extracts a static ffmpeg binary at runtime from https://evermeet.cx/ffmpeg/getrelease/zip and then executes that fetched binary (used as the ffmpeg runtime), so it fetches and runs remote code during execution.