remotion-video

Fail

Audited by Socket on Mar 10, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill is largely coherent with its stated purpose of enabling Remotion-based programmatic video creation with optional AI voice integration. It uses standard toolchains for core functionality but introduces high-risk elements: unverifiable binary downloads (potential supply-chain risk) and credential handling (API keys for TTS services). The data flows to external AI services are expected for voice synthesis but require secure handling of keys and proper verification of any downloaded binaries. Given these signals, the overall risk is MEDIUM-to-HIGH in aggregate, with specific components (unverifiable binaries, credential exposure) elevating the concern. Recommend tightening the workflow to rely on verifiable binaries, pinning and signing artifacts, and clearly isolating API keys with least-privilege scopes and explicit user consent before external data is sent.

Confidence: 98%
Audit Metadata
Analyzed At: Mar 10, 2026, 01:27 AM
Package URL: pkg:socket/skills-sh/codingheader%2Fmyskills%2Fremotion-video%2F@0a427a2f303b805a6539fa1a973410451150711e