remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for installing official Remotion packages and dependencies using standard package managers (npm, yarn, pnpm, bun) and the official `remotion add` CLI utility.
- [EXTERNAL_DOWNLOADS]: Fetches sample audio assets from the official Remotion media domain (`remotion.media`).
- [EXTERNAL_DOWNLOADS]: Instructions in `rules/transcribe-captions.md` describe downloading the `whisper.cpp` binary and machine learning models using the `@remotion/install-whisper-cpp` package, which is part of the official Remotion ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill documents patterns for ingesting external data such as captions (JSON, SRT), Lottie animation files, and remote media assets. These represent standard ingestion surfaces for media processing workflows.
- [COMMAND_EXECUTION]: Provides examples of using the Remotion CLI for FFmpeg and FFprobe operations (`bunx remotion ffmpeg`). These are legitimate commands used for video rendering and inspection.
- [CREDENTIALS_SAFE]: Mentions the use of environment variables for API keys (`REMOTION_MAPBOX_TOKEN`, `ELEVENLABS_API_KEY`) and provides instructions for users to configure their own keys. No hardcoded credentials or secrets are present.
Audit Metadata