lottie-animations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required documentation and examples explicitly load and parse external, public Lottie files and manifests (e.g., SKILL.md examples using src="https://lottie.host/…", CDN imports, the preload/fetch example, and the "Multi-Animation and Theme Support" code that reads dotLottie.manifest), so untrusted user-hosted .lottie/.json content is fetched and interpreted at runtime and can drive which animations, themes, or state-machine actions the agent performs.