remotion

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The file SKILL.md (Step 1) instructs the agent to perform a git clone from an untrusted GitHub repository (https://github.com/Ceeon/remotion-skill.git) if the skill directory is missing. This repository is not within the defined [TRUST-SCOPE-RULE] organizations.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it uses untrusted user input to generate or adapt React code which is then executed via the Remotion CLI.
      • Ingestion points: User descriptions and ASCII sketches enter the context as natural language prompts (see SKILL.md, Step 2).
      • Boundary markers: Absent. There are no instructions to use delimiters or specific safety warnings to ignore embedded instructions within user-provided content.
      • Capability inventory: The agent has the capability to write new .tsx files to the filesystem (SKILL.md, Step 4) and execute shell commands (npx remotion render) in Step 6.
      • Sanitization: Absent. The skill provides no mechanism to sanitize or validate the code logic generated from user input before execution.
  • COMMAND_EXECUTION (MEDIUM): The skill frequently executes shell commands, including npm install (via SKILL.md and 脚本库/check-env.sh) and npx remotion render. While these are part of the intended functionality, they provide a powerful execution environment for potentially malicious code introduced via untrusted repositories or user-injected logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:03 AM