remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's rules explicitly fetch and ingest arbitrary external URLs (e.g., rules/calculate-metadata.md uses fetch(props.dataUrl) and other rules use UrlSource/remote src like props.videoSrc in mediabunny examples) so untrusted, user-provided web content is read at runtime and its JSON/media metadata is used to set composition props/duration, which can materially change subsequent rendering behavior.