remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit runtime fetches of arbitrary external URLs and third‑party assets (e.g., calculate-metadata.md shows fetch(props.dataUrl), the Lottie example fetches https://assets4.lottiefiles.com/..., Mediabunny UrlSource examples use remote video/audio URLs, and voiceover.md calls the ElevenLabs API), so untrusted, user/third‑party content is ingested and used to set props/durations or drive rendering, which could materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The transcribe-captions rule invokes @remotion/install-whisper-cpp functions (installWhisperCpp and downloadWhisperModel) that download and install Whisper.cpp and models at runtime (see https://www.remotion.dev/docs/install-whisper-cpp), which involves fetching remote code/models that are then executed locally, so this is a runtime external dependency that can execute remote code.