remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The transcription guidance in `rules/transcribe-captions.md` involves downloading and executing `whisper.cpp` binaries. Since the source is not in the trusted list, this requires review before execution.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The `rules/tailwind.md` file instructs the agent to fetch instructions from an external URL at runtime, which is a potential vector for loading unverified instructions.
- [COMMAND_EXECUTION] (SAFE): The skill suggests standard package manager commands to install Remotion-specific libraries. These are routine development tasks.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted external data like `.srt` and `.json` caption files without explicit sanitization or boundary markers.
Audit Metadata