remotion-video-creator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to deep-read and extract details from user-provided images, screenshots, and descriptions to recreate them as animated components. This allows adversarial content within the processed images to potentially influence the generated code or agent behavior.
- Ingestion points: User-provided screenshots, logos, mockups, and descriptive stories (SKILL.md steps 1 and 2).
- Boundary markers: The skill lacks specific instructions or delimiters to isolate untrusted data from the processing instructions.
- Capability inventory: The skill generates TypeScript code and executes local CLI commands via `npm start` and `npx remotion render` (SKILL.md step 7).
- Sanitization: No verification or sanitization steps are defined for the content extracted from the reference images.
Audit Metadata