remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): Multiple files (e.g., rules/3d.md, rules/audio.md, rules/fonts.md) provide instructions for installing Remotion-specific packages using commands like npx remotion add. These are standard development workflows targeting legitimate @remotion scopes.
- [PROMPT_INJECTION] (MEDIUM): The file rules/tailwind.md contains an explicit instruction for the agent: "fetch https://www.remotion.dev/docs/tailwind using WebFetch for instructions." This directs the AI to retrieve and follow instructions from a remote, third-party URL at runtime, which is an external instruction dependency.
- [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection surface. The skill provides multiple examples where untrusted external data is ingested and processed.
  - Ingestion points: rules/calculate-metadata.md (fetch dynamic JSON), rules/import-srt-captions.md (fetch SRT files), rules/lottie.md (fetch Lottie JSON assets).
  - Boundary markers: Absent. The code examples treat fetched content as trusted data to be directly used in the component state or rendering logic.
  - Capability inventory: The patterns described allow the resulting code to perform network operations (fetch) and dynamic property transformations (calculateMetadata).
  - Sanitization: Absent. There is no guidance on validating or escaping external content before interpolation into the UI or using it for logic decisions.