remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's rule files explicitly instruct fetching and ingesting external, potentially user-provided URLs (e.g., rules/calculate-metadata.md shows fetch(props.dataUrl), rules/lottie.md fetches Lottie JSON from assets4.lottiefiles.com, and rules/assets.md/rules/images.md/rules/videos.md allow arbitrary remote URLs for Img/Video/Audio), and that fetched content is parsed and used to set props/metadata or drive rendering, so untrusted third‑party content can materially influence behavior.