stitch-remotion
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches screenshots and project metadata from the Stitch API (stitch.withgoogle.com), a service hosted by a well-known technology provider.
- [COMMAND_EXECUTION]: Executes shell commands via Bash and utilizes Node.js package managers (npm, npx) for project initialization and video rendering tasks.
- [REMOTE_CODE_EXECUTION]: Downloads and runs standard scaffolds using
npm create video@latestand installs official packages such as@remotion/transitions. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through data ingestion from external project sources.
- Ingestion points: Screen titles and descriptions are retrieved from the Stitch API via the
get_screentool in the SKILL.md instructions. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat this ingested content as untrusted data.
- Capability inventory: The skill has the ability to execute shell commands and install packages, which are leveraged for video production.
- Sanitization: There is no evidence of validation or sanitization of the screen descriptions before they are used in the generated React components.
Audit Metadata