Nextjs Guideline: Images — Configure remote image domains. Description: Whitelist external image sources. Do: remotePatterns in next.config.js. Don't: Allow all domains. Good Example: remotePatterns: [{ hostname: 'cdn.example.com' }]. Bad Example: domains: ['*']. Severity: High. Docs: https://nextjs.org/docs/app/api-reference/components/image#remotepatterns.