remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The skill guides the user to install various @remotion scoped packages and specialized tools like Whisper.cpp for transcription. These are standard dependencies for the Remotion ecosystem and are used for their intended primary purpose.
  • COMMAND_EXECUTION (SAFE): Instructions include using ffmpeg, ffprobe, and standard package manager commands (npm, yarn, pnpm, bun) to set up the project and process video/audio assets. These are utility commands required for video development.
  • CREDENTIALS_UNSAFE (SAFE): The voiceover rules require an ElevenLabs API key but correctly instruct the user to use environment variables (.env) or direct input prompts rather than hardcoding any secrets within the skill code.
  • DATA_EXFILTRATION (SAFE): The skill uses fetch calls to interact with external APIs (e.g., ElevenLabs for TTS, LottieFiles for animations). These network operations are functional requirements and are directed at legitimate service endpoints associated with the tools being demonstrated.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 04:38 AM