remotion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation recommends installing several official Remotion packages (@remotion/media, @remotion/three, @remotion/captions, @remotion/google-fonts, @remotion/fonts, @remotion/gif, @remotion/lottie, @remotion/layout-utils, @remotion/zod-types, @remotion/transitions) and the zod library. These are standard dependencies for the framework.
- COMMAND_EXECUTION (LOW): Multiple rule files contain shell commands for installing dependencies using standard package managers like npm, yarn, pnpm, and bun.
- REMOTE_CODE_EXECUTION (LOW): In
rules/tailwind.md, the agent is instructed to fetch documentation fromhttps://www.remotion.dev/docs/tailwindusing WebFetch to obtain further instructions. While this is the official documentation site, fetching instructions from external sources at runtime is a known risk vector if the remote source is compromised. - PROMPT_INJECTION (LOW): The skill contains surfaces for Indirect Prompt Injection (Category 8) where it processes external data. • Ingestion points:
props.dataUrlinrules/calculate-metadata.md,props.videoIdinrules/compositions.md, and subtitle files inrules/import-srt-captions.md. • Boundary markers: Absent. No delimiters or warnings are used to prevent the agent from obeying instructions embedded in fetched JSON or text data. • Capability inventory: The skill usesfetchfor network operations andcalculateMetadatafor prop transformations. • Sanitization: No explicit sanitization of remote data is present in the provided examples.
Audit Metadata