remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to download and install external binaries and packages from the Remotion ecosystem. Specifically, it uses the `@remotion/install-whisper-cpp` package to download the Whisper.cpp binary.
  - Evidence: Found in `rules/transcribe-captions.md`, where `installWhisperCpp` is called to fetch and install version 1.5.5 of the binary.
- COMMAND_EXECUTION (MEDIUM): The skill provides specific shell commands for the agent to run, including complex media processing commands using `bunx` and `node`.
  - Evidence: `rules/ffmpeg.md` contains literal command line instructions for trimming videos using `bunx remotion ffmpeg`. `rules/voiceover.md` instructs running a generation script with environment file flags.
- REMOTE_CODE_EXECUTION (MEDIUM): In `rules/tailwind.md`, the skill explicitly tells the agent to fetch instructions from an external URL (remotion.dev/docs/tailwind) using `WebFetch`. This creates a vector where instructions are loaded dynamically from an unverified external source.
- INDIRECT_PROMPT_INJECTION (LOW): The skill establishes several surfaces for indirect prompt injection by fetching and processing external JSON data (API responses, caption files) without explicit sanitization or boundary markers.
  - Ingestion points: `rules/calculate-metadata.md` (fetches from `props.dataUrl`), `rules/compositions.md` (fetches from `api.example.com`), and `rules/display-captions.md` (fetches JSON from public assets).
  - Boundary markers: Absent in all fetching logic.
  - Capability inventory: High-capability operations like shell command execution (`bunx`) and binary execution (whisper.cpp) are available to be influenced by this data.
  - Sanitization: No evidence of data validation or escaping before use in the rendering pipeline.
Audit Metadata