remotion-best-practices

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill defines patterns that ingest untrusted data into the agent's decision-making flow.
      • In rules/calculate-metadata.md, it demonstrates fetching JSON from a URL and returning it directly as component props, which can influence downstream rendering logic or metadata decisions.
      • In rules/tailwind.md, the skill explicitly instructs the agent to "fetch https://www.remotion.dev/docs/tailwind using WebFetch for instructions," creating a vulnerability where an external site can dictate the agent's behavior.
  • External Downloads & Remote Code Execution (HIGH): The skill promotes the installation of third-party binaries and packages.
      • rules/transcribe-captions.md includes code to download and install whisper.cpp (a binary) and its models from external sources.
      • It also includes code that would likely trigger subprocess execution via the transcribe function.
  • Command Execution (MEDIUM): Throughout the skill (e.g., rules/3d.md, rules/audio.md, rules/parameters.md), the agent is provided with shell commands (npx, npm, yarn, bun, pnpm) to modify the project's dependency state. While standard for the framework, these are powerful capabilities if misused.
  • Data Ingestion Surface (MEDIUM): Multiple files (rules/display-captions.md, rules/lottie.md, rules/import-srt-captions.md) implement patterns to fetch and parse external formats (JSON, SRT, Lottie) without explicit sanitization or boundary markers, increasing the risk of indirect injection from attacker-controlled assets.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:04 AM