remotion-video-creation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's rules include explicit runtime fetches of arbitrary remote resources (e.g., calculate-metadata's fetch(props.dataUrl) in rules/calculate-metadata.md, the Lottie fetch example in rules/lottie.md, and multiple notes that remote Img/Video/Audio URLs are supported in rules/assets.md and others), and those fetched, potentially user-supplied, third‑party payloads are parsed and used to set composition metadata, props, and rendered behavior—meaning untrusted content can materially influence the agent's actions.