remotion

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment setup and video rendering operations. Commands include npm create video, npm install, and npx remotion render. While these are standard for the described workflow, shell access is a powerful capability.
  • [EXTERNAL_DOWNLOADS]: The skill fetches assets (screenshots and HTML) from external URLs provided by the Stitch platform. It also downloads various Node.js packages from the npm registry to support the video generation process.
  • [REMOTE_CODE_EXECUTION]: By installing and executing packages from npm at runtime (via npm install and npx), the skill performs remote code execution. This is a standard part of the Node.js ecosystem used here to dynamically build the video project.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves screen titles and descriptions from external Stitch projects and uses them to generate text overlays in the video composition. If this metadata is maliciously crafted, it could potentially influence the agent's behavior during the code generation or rendering steps.
  • [PROMPT_INJECTION]: Ingestion points: Screen metadata (titles, descriptions) retrieved via stitch:get_screen as described in SKILL.md.
  • [PROMPT_INJECTION]: Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating this metadata into components or configuration files.
  • [PROMPT_INJECTION]: Capability inventory: The skill has access to Bash (shell execution), Write (file modification), and web_fetch (network access).
  • [PROMPT_INJECTION]: Sanitization: The instructions do not specify any validation or sanitization steps for the retrieved screen metadata before it is used in the React components.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:14 AM