video-production
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands, specifically
npx remotion previewandnpx remotion render, to visualize and produce video files. While these are standard operations for the Remotion library, executing commands based on AI-generated configurations is a capability that should be monitored. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it transforms arbitrary user prompts into video specifications and React code components.
- Ingestion points: User prompts in the 'Examples' section of SKILL.md and scene descriptions in Step 2.
- Boundary markers: Absent; there are no clear delimiters or instructions provided to the agent to treat user-provided video descriptions as untrusted data.
- Capability inventory: The skill generates React code (
src/Video.tsx) and executes CLI tools (npx remotion) based on the ingested data. - Sanitization: No sanitization logic is present to filter malicious instructions that might be embedded in user-provided scene text or asset names.
Audit Metadata