video

This skill is largely legitimate in purpose and scope: it documents workflows to analyze, transcribe, and edit videos using local tools (ffmpeg/ffprobe) and Remotion, and sensibly includes manual QA and preview steps. The main security concerns are supply-chain and execution risks from running npx/npm-installable scripts and invoking CLI tools. Those patterns are common for developer tooling but carry moderate risk unless package sources are verified and execution is run in a trusted, sandboxed environment. There are no explicit signs of credential harvesting, remote exfiltration endpoints, obfuscated/malicious payloads, or instructions to bypass user consent. Recommended mitigations: review and pin npm dependencies (use lockfiles), verify authenticity of @remotion/install-whisper-cpp and any whisper.cpp distribution, avoid running npx commands from untrusted environments, and ensure the agent or operator runs commands locally with restricted privileges and explicit user approval before rendering or uploading output.