remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's rule files (e.g., rules/calculate-metadata.md) explicitly show fetching arbitrary remote URLs (e.g., fetch(props.dataUrl) in calculateMetadata) and other rules permit using remote image/video/Lottie/SRT URLs, meaning the agent is instructed to ingest untrusted third‑party content (public URLs) which can directly change composition props, durations, and rendering behavior.