remotion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection via external Stitch project data.
  - Ingestion points: Stitch project metadata (titles, descriptions, URLs) in screens.json.
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded commands.
  - Capability inventory: Shell execution (download-stitch-asset.sh), local file writes (tsx, json), and Remotion rendering.
  - Sanitization: Absent; external strings are interpolated directly into generated UI components.
- COMMAND_EXECUTION (MEDIUM): Uses a shell script to perform downloads which could be abused if malicious arguments are passed.
  - Evidence: scripts/download-stitch-asset.sh executes curl with parameters provided by the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): The installation source 'google-labs-code/stitch-skills' is not in the trusted organization or repository list.
  - Evidence: README.md installation instructions via npx.
- REMOTE_CODE_EXECUTION (MEDIUM): Generates and executes React/TypeScript code dynamically at runtime based on external configuration.
  - Evidence: README.md and examples/WalkthroughComposition.tsx show script generation and execution via the Remotion framework.
Recommendations
- AI detected serious security threats
Audit Metadata