remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE)
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The file `rules/transcribe-captions.md` contains code instructions to programmatically install the `whisper.cpp` native binary and download specific models. Executing native binaries from non-trusted organizations (remotion-dev) at runtime is a significant security boundary crossing.
- [COMMAND_EXECUTION] (MEDIUM): Multiple files (e.g., `rules/3d.md`, `rules/ffmpeg.md`, `rules/fonts.md`, `rules/parameters.md`) instruct the agent to execute shell commands using `npx`, `bunx`, and `ffmpeg`. These instructions are used for dependency management and media processing but involve running arbitrary external code.
- [CREDENTIALS_UNSAFE] (LOW): The file `rules/voiceover.md` instructs the agent to request an `ELEVENLABS_API_KEY` from the user and store it in a `.env` file. While required for the primary purpose of the skill, handling and storing API keys via the agent context requires caution.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill frequently encourages downloading packages from the `@remotion/*` and `mediabunny` namespaces. While these are part of the Remotion ecosystem, they are not listed as trusted sources and represent unverifiable external dependencies.
- [INDIRECT_PROMPT_INJECTION] (LOW): The file `rules/tailwind.md` explicitly instructs the agent to fetch instructions from an external URL (remotion.dev/docs/tailwind) via `WebFetch`. If the content of that page is compromised or altered, it could inject malicious instructions into the agent's session.