remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's rules explicitly fetch and ingest remote, potentially user-provided content (e.g., rules/lottie.md fetches a Lottie JSON from assets4.lottiefiles.com, rules/calculate-metadata.md shows fetch(props.dataUrl), rules/import-srt-captions.md allows fetching remote .srt files, and rules/voiceover.md calls the ElevenLabs API), and that fetched content is parsed and used to set props/metadata or control rendering, so untrusted third‑party data can materially influence agent behavior.