remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill documents patterns for ingesting and processing external data, which introduces a theoretical surface for indirect prompt injection.
- Ingestion points: Loading external Lottie JSON files (rules/lottie.md), fetching data for composition metadata (rules/calculate-metadata.md), and importing subtitle files (rules/display-captions.md).
- Capability inventory: The skill leverages subprocess execution via FFmpeg (rules/ffmpeg.md), file system writes (rules/transcribe-captions.md), and network requests to external APIs (rules/voiceover.md).
- Sanitization: No specific boundary markers or sanitization logic are defined for the handled external content.
- [EXTERNAL_DOWNLOADS]: The documentation identifies several third-party dependencies and external tools required for specific functionalities.
- Packages: Recommends installing mediabunny for media inspection and mapbox-gl for map animations.
- Binaries: The transcription workflow (rules/transcribe-captions.md) involves downloading the Whisper.cpp binary via the official @remotion/install-whisper-cpp vendor package.
- Assets: References external sound effect repositories on GitHub (rules/sfx.md).
- [COMMAND_EXECUTION]: Provides instructions for executing CLI tools within the development environment.
- Media Tools: Includes examples for running bunx remotion ffmpeg and bunx remotion ffprobe for video trimming and metadata inspection (rules/ffmpeg.md).
Audit Metadata