remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary remote content that is then parsed and used to control behavior (e.g., rules/calculate-metadata.md uses fetch(props.dataUrl) to set composition props/duration and rules/lottie.md fetches Lottie JSON from assets4.lottiefiles.com), so untrusted third-party data can materially influence tool actions.