hyperframes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public websites via the capture command (e.g., "npx hyperframes capture " described in references/cli.md and references/website-to-video.md), producing extracted visible-text/tokens that the workflow (DESIGN.md, SCRIPT.md, composition steps) must read and use to drive decisions—therefore untrusted third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The composition examples include a runtime script tag that loads and executes remote code from https://cdn.jsdelivr.net/npm/gsap@3.14.2/dist/gsap.min.js (fetched at page/render time and required for HyperFrames timelines), so this external URL is a runtime dependency that executes remote code used by the skill.