motion-video
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for standard build and verification workflows. In `SKILL.md`, it instructs the user to run `pnpm run brand:audit` and `npx tsx` to execute the verification script. These are routine operations for a developer-oriented tool.
- [EXTERNAL_DOWNLOADS]: The skill uses external AI services for video verification. In `scripts/verify-composition.ts`, the code sends rendered video data to Google's Generative AI (Gemini) API for motion and pacing evaluation. This is a documented feature and requires the user to provide their own API key via environment variables.
- [DYNAMIC_EXECUTION]: The verification script `scripts/verify-composition.ts` utilizes dynamic loading to interact with the local Remotion installation. It uses `createRequire` to resolve and import `@remotion/bundler` and `@remotion/renderer` from the project's `node_modules`. This approach ensures the verification script uses the same version of Remotion as the project it is analyzing.
- [DATA_EXFILTRATION]: While the script sends video data to an external API (Google Gemini), this is restricted to the video content being verified and is a core functional requirement for the 'Layer 3' animation flow evaluation. No sensitive local files (like SSH keys or credentials) are accessed or transmitted.
- [PROMPT_INJECTION]: The prompts provided for AI-assisted evaluation (`prompts/motion-flow-evaluation.md` and `prompts/static-frame-evaluation.md`) use clear, instructional language to guide the AI in performing objective brand and motion audits. They do not contain instructions to bypass safety filters or ignore system constraints.
Audit Metadata