remotion-video
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell scripts (`scripts/scaffold_project.sh` and `scripts/render.sh`) to automate the environment setup and video production workflow.
- [REMOTE_CODE_EXECUTION]: New projects are initialized using `npx create-video`, and rendering is performed via `npx remotion render`. These commands download and execute official Remotion tools from the npm registry.
- [EXTERNAL_DOWNLOADS]: The scaffolding process installs several packages, including `tailwindcss` and `@remotion/tailwind`, directly from public registries during project initialization.
- [PROMPT_INJECTION]: The skill processes external data (JSON, CSV, SRT) to drive video content, creating a surface for indirect prompt injection.
  - Ingestion points: Data is ingested in `references/rules/data-driven.md` (JSON datasets), `references/rules/subtitles.md` (SRT files), and via CLI arguments in `scripts/render.sh`.
  - Boundary markers: No specific boundary markers or instruction-guarding delimiters are implemented for the ingested data.
  - Capability inventory: The skill can execute shell commands (`scripts/scaffold_project.sh`, `scripts/render.sh`) and perform file system operations.
  - Sanitization: There is no evidence of explicit sanitization or validation of the content within the ingested data files.
Audit Metadata