remotion-best-practices-zh
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill consists of documentation and React code templates for the Remotion video framework. No malicious patterns, obfuscation, or unauthorized access attempts were found.
- [PROMPT_INJECTION]: The skill describes patterns for indirect prompt injection (Category 8) by ingesting external data (SRT files, network-fetched props).
  - Ingestion points: `calculateMetadata` (SKILL.md, rules/calculate-metadata.md) fetches props from network; `fetch` (rules/import-srt-captions.md) reads SRT files.
  - Boundary markers: Standard code templates do not include specific boundary markers, as they are intended for developers to implement data-driven video logic.
  - Capability inventory: The skill provides logic for media manipulation, network fetching, and prop injection into the React tree.
  - Sanitization: Not explicitly present in the provided snippets. While this represents a data ingestion surface, it is the primary purpose of the framework and is documented as a legitimate feature.
- [EXTERNAL_DOWNLOADS]: The documentation references official Remotion ecosystem packages and well-known libraries (e.g., Mapbox, Zod, Turf.js) to be installed through standard package managers. These sources are considered trusted or well-known and do not pose a security risk in this context.
Audit Metadata