remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing various official Remotion packages and the 'mediabunny' library using the 'remotion add' command across multiple files, including 'rules/3d.md', 'rules/audio.md', 'rules/display-captions.md', 'rules/fonts.md', 'rules/gifs.md', 'rules/measuring-text.md', 'rules/transitions.md', and 'rules/lottie.md'. These resources are from well-known and trusted ecosystems.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: Files like 'rules/calculate-metadata.md', 'rules/compositions.md', 'rules/import-srt-captions.md', and 'rules/lottie.md' demonstrate patterns for fetching external data into the composition context or agent flow. Boundary markers: The examples lack boundary markers to delimit untrusted content. Capability inventory: Standard Remotion media rendering and metadata calculation capabilities. Sanitization: No validation or sanitization is performed on the retrieved data.
- [PROMPT_INJECTION]: In 'rules/tailwind.md', the skill instructs the agent to fetch setup guidelines from 'https://www.remotion.dev/docs/tailwind' using 'WebFetch'. While targeting a trusted domain, this involves the agent processing external instructions.
Audit Metadata