remotion-video-toolkit
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection through multiple ingestion points.
  - Ingestion points: `rules/calculate-metadata.md` and `rules/compositions.md` demonstrate fetching data from user-provided URLs (`props.dataUrl`, `props.videoId`) and incorporating the response into the rendering pipeline.
  - Boundary markers: Absent. The skill provides no instructions for sanitizing or isolating external content before processing.
  - Capability inventory: The skill possesses network access (`fetch`) and the ability to bundle/execute React code (`@remotion/bundler`) that is directly influenced by external inputs.
  - Sanitization: Absent. Data from external fetches is directly used to drive component props and rendering metadata.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions for the deployment and execution of code on cloud infrastructure.
  - Evidence: `rules/rendering.md` outlines procedures for `npx remotion lambda functions deploy` and `renderMediaOnLambda`. In combination with untrusted inputs, this enables a path for executing malicious logic in high-privilege cloud-hosted environments.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill triggers downloads of numerous external packages and assets from unverified sources.
  - Evidence: Use of `npx remotion add` for various plugins and fetching Lottie animations from `lottiefiles.com`. None of these sources are within the trusted scope defined in the analysis framework.
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run complex CLI commands and set up local servers.
  - Evidence: `rules/rendering.md` includes examples for setting up an Express server to process rendering requests, which creates an exposed execution surface on the host machine.
Recommendations
- AI detected serious security threats
Audit Metadata