remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's rules explicitly instruct runtime fetching and ingestion of arbitrary remote URLs (for example, calculate-metadata.md shows calculateMetadata doing await fetch(props.dataUrl); lottie.md fetches a Lottie JSON from assets4.lottiefiles.com; and many rules permit remote Img/Video/Audio URLs), so the agent would read untrusted third‑party content that can change composition metadata, props, or subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The transcribe-captions rule calls installWhisperCpp() and downloadWhisperModel() which, per the documentation at https://www.remotion.dev/docs/install-whisper-cpp, downloads/installs whisper.cpp and model files at runtime (fetching remote code/models that are then executed), so this is a runtime external dependency that executes remote code.