remotion-prompt-generator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill mandates the use of web searches to gather context about a user's product or industry before generating output. This creates a surface for malicious instructions to be ingested from external web content.
- Ingestion points: Web search results (mandated in
SKILL.md). - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the search data.
- Capability inventory: The skill generates structured prompts intended for consumption by a downstream tool ('Remotion Dev' skill).
- Sanitization: Absent. There is no mention of filtering or validating the integrity of the external data before it is interpolated into the final prompt.
- External Downloads (LOW): The skill includes a maintenance script (
scripts/check-updates.py) that performs network operations to check for updates. - Evidence: The script uses
urllib.request.urlopento connect tohttps://registry.npmjs.org/remotion/latest. - Risk Assessment: The operation is restricted to fetching metadata (JSON) from a standard, trusted registry (npm) and does not execute the downloaded content. Per [TRUST-SCOPE-RULE], this is classified as a low-risk maintenance function.
Audit Metadata