remotion-best-practices

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's rule files explicitly instruct fetching and ingesting arbitrary external URLs (e.g., calculate-metadata.md's example that does await fetch(props.dataUrl), display-captions.md fetching captions JSON, lottie.md fetching a Lottie JSON from lottiefiles, and assets/images/videos rules that allow remote URLs), meaning untrusted third-party content is read and parsed and can directly change composition metadata, props, and rendering behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 12:25 AM