pandastudio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md instructs the agent to render arbitrary HTML and fetch external assets (e.g., motion.render-html examples that load GSAP from https://unpkg.com and the ability to pass arbitrary HTML/--assets), to install public HyperFrames blocks via "npx hyperframes add" (public npm/catalog), and to list/read YouTube channel videos via export.list-youtube — all of which cause the agent runtime to ingest untrusted, user-/third-party-generated content that can influence template selection, rendered outputs, metadata, and downstream publishing decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's canonical HTML examples load and run remote JavaScript at render time (e.g., ), which will be fetched and executed during motion.render-html runs and is presented as a required dependency for paused GSAP timelines, so this is a runtime external code execution risk.