remotion-video-production
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest untrusted user instructions and structured YAML specifications to produce executable source code, creating an injection surface.
  - Ingestion points: User prompts and video_spec fields in SKILL.md.
  - Boundary markers: No explicit delimiters or ignore-instructions markers are present.
  - Capability inventory: Uses the Bash tool to execute system commands on generated files.
  - Sanitization: No evidence of input validation or escaping before code generation.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to invoke shell commands for previewing and rendering videos. Evidence: Use of 'npx remotion preview' and 'npx remotion render' as specified in SKILL.md.
- [DYNAMIC_EXECUTION]: The skill generates React-based video components at runtime and executes them using the Remotion engine.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill relies on 'npx' to download and run the 'remotion' package from a remote registry at runtime.