remotion
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions reference 'google-labs-code/stitch-skills'. This organization is not present in the 'Trusted GitHub Organizations' list, making the skill's source unverifiable according to the security policy.
- COMMAND_EXECUTION (LOW): The script 'scripts/download-stitch-asset.sh' executes shell commands including 'curl', 'mkdir', and 'stat' using parameters provided at runtime without internal validation.
- EXTERNAL_DOWNLOADS (LOW): The 'scripts/download-stitch-asset.sh' script performs network downloads via 'curl'. Although intended for Google Cloud Storage assets from the Stitch app, it does not restrict target domains or validate output file paths, which could be exploited to overwrite local files or scripts if the agent is manipulated.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external design projects which represents an attack surface.
- Ingestion points: Project metadata (titles and descriptions) and asset URLs are imported from Stitch via 'examples/screens.json' or dynamic retrieval.
- Boundary markers: No specific boundary markers or instructions were found in the provided components to isolate these strings from the agent's logic.
- Capability inventory: The skill possesses file-write and network-download capabilities via the 'download-stitch-asset.sh' shell script.
- Sanitization: There is an absence of path validation or URL filtering in the asset download script to ensure data is written to safe, intended directories.
Audit Metadata