Skills
skills/lightfastai/lightfast/remotion-best-practices/Gen Agent Trust Hub

remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The rule in rules/transcribe-captions.md provides code to download, install, and run the Whisper.cpp binary using the @remotion/install-whisper-cpp package. This involves executing native binaries on the host system.
  • [COMMAND_EXECUTION]: The skill recommends several command-line operations for dependency management (npm install, npx remotion add), media processing (bunx remotion ffmpeg), and rendering (npx remotion render).
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads assets from various external sources, including Google Fonts, Mapbox, LottieFiles, and a third-party GitHub repository for sound effects. It also downloads pre-trained AI models for speech transcription.
  • [DATA_EXFILTRATION]: Integration with the ElevenLabs API (rules/voiceover.md) involves sending text data and an API key (stored in the ELEVENLABS_API_KEY environment variable) to an external service provider.
  • [PROMPT_INJECTION]: The skill identifies surfaces for indirect prompt injection in rules/calculate-metadata.md, rules/display-captions.md, and rules/lottie.md. These patterns involve fetching and processing external JSON or SRT files which could potentially contain malicious instructions intended to influence the agent's composition logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 06:16 PM