remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly fetch and ingest public/untrusted content—e.g., fetch(props.dataUrl) in rules/calculate-metadata.md, Lottie JSON fetched from assets4.lottiefiles.com in rules/lottie.md, and many examples using UrlSource/remote URLs for Img/Video/Audio in rules/assets.md and Mediabunny functions—then parse/use that content to set composition metadata, props, or rendering behavior, so third-party content can materially influence agent actions.