brand-video

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the npx remotion render command to generate MP4 video files. This involves running a Node.js-based CLI tool that compiles and executes TypeScript code within the project's source directory.
  • [PROMPT_INJECTION]: The skill includes an interface for a --script argument used to define video content. This constitutes an indirect prompt injection surface, as untrusted script content could potentially influence downstream AI tasks like voiceover generation or scene selection.
      • Ingestion points: The --script argument provided in the skill metadata.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
      • Capability inventory: Shell command execution via npx for rendering components.
      • Sanitization: No sanitization or validation of the input script is documented.
  • [EXTERNAL_DOWNLOADS]: The use of npx potentially downloads the remotion package and its dependencies from the npm registry if they are not pre-installed in the environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:26 PM