remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing official Remotion ecosystem packages (e.g., @remotion/media, @remotion/three, @remotion/captions) and well-known third-party libraries such as mapbox-gl and zod via standard package managers.
- [COMMAND_EXECUTION]: Instructions include standard CLI usage for the Remotion framework, such as using 'npx remotion add' to manage dependencies and 'npx remotion render' for exporting videos.
- [DATA_EXFILTRATION]: The skill follows security best practices by instructing users to store sensitive API keys, like the Mapbox access token, in environment variables (.env files) rather than hardcoding them in source code.
- [PROMPT_INJECTION]: The skill identifies surfaces where external data is ingested into the video creation pipeline, which is a standard functional requirement for dynamic video generation.
  - Ingestion points: External URLs provided in props (e.g., props.dataUrl in rules/calculate-metadata.md), remote Lottie JSON files (rules/lottie.md), and subtitle files (rules/import-srt-captions.md).
  - Boundary markers: None explicitly mentioned in the code templates.
  - Capability inventory: The demonstrated code enables network requests (fetch) and local file access (staticFile) to populate video content and metadata.
  - Sanitization: Implementation of data validation or sanitization is left to the user; the templates assume data originates from trusted sources.
Audit Metadata