remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes shell commands for installing official framework extensions using common package managers such as npx, bunx, yarn, and pnpm.
  • [EXTERNAL_DOWNLOADS]: Includes code examples for fetching remote media assets, JSON data for Lottie animations, and subtitle files from external URLs, and references legitimate @remotion packages.
  • [PROMPT_INJECTION]: Contains a directive for the agent to use the WebFetch tool to retrieve official setup documentation from remotion.dev.
  • [PROMPT_INJECTION]: The skill describes patterns for processing external data, which represents an indirect injection surface.
      1. Ingestion points: Data fetching is shown for JSON and SRT files in multiple files (calculate-metadata.md, lottie.md, import-srt-captions.md).
      2. Boundary markers: Absent in the provided examples.
      3. Capability inventory: Use of fetch() and shell-based package managers is demonstrated.
      4. Sanitization: No explicit content validation is included in the code snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 06:09 AM