remotion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes multiple runtime examples that fetch and ingest open web content (e.g., calculateMetadata using fetch(props.dataUrl) in rules/calculate-metadata.md and fetching Lottie JSON in rules/lottie.md, plus UrlSource/remote-URL use in media rules), which are untrusted/user-provided sources and are parsed/used to set composition props and control rendering behavior, so third-party content can materially influence agent decisions and tool use.