remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's rules explicitly fetch and ingest remote, user-supplied URLs (e.g., rules/calculate-metadata.md shows fetch(props.dataUrl) to load external JSON, rules/lottie.md fetches a Lottie JSON from assets4.lottiefiles.com, and multiple media rules use UrlSource/remote URLs), meaning untrusted third‑party content is read and used to determine metadata, props, or rendering behavior.