remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates patterns for fetching data from external URLs (e.g., rules/calculate-metadata.md, rules/compositions.md, and rules/lottie.md) and using it to populate component properties or metadata. This creates an indirect prompt injection surface where untrusted data could influence agent behavior.
  - Ingestion points: rules/calculate-metadata.md, rules/compositions.md, and rules/lottie.md.
  - Boundary markers: Code examples lack delimiters for external data.
  - Capability inventory: Examples use fetch for network requests.
  - Sanitization: No data sanitization or validation is demonstrated.
- [EXTERNAL_DOWNLOADS]: The documentation describes installing various official @remotion/* packages and the mediabunny utility. These are standard dependencies for the Remotion ecosystem.
- [COMMAND_EXECUTION]: The skill includes example shell commands for adding project dependencies using npx, yarn, pnpm, and bun.
Audit Metadata