remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines a surface for Indirect Prompt Injection by ingesting external data fields intended for video rendering.
  - Ingestion points: Data is ingested via the PropertySchema (Zod object) in rules/compositions.md.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for this data.
  - Capability inventory: The skill allows command execution via Bash (npm/npx) and file system read access.
  - Sanitization: There is no evidence of sanitization for input strings before they are rendered into the video composition.
- [COMMAND_EXECUTION]: The skill grants the agent permission to execute Bash commands specifically for npm and npx, which is a standard requirement for managing Remotion projects but represents a significant capability.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of media assets (images, videos, audio) from external URLs provided in props and suggests the installation of official supporting packages from the Remotion ecosystem.
Audit Metadata