Remotion
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains a 'MANDATORY' instruction block requiring the agent to execute a specific `curl` command to a local service (localhost:8888) before any other action. This attempt to override agent behavior with fixed side-effects is a form of behavioral injection.
- [COMMAND_EXECUTION]: The `Tools/Render.ts` file utilizes Bun's shell execution utility to run CLI commands like `npx remotion render` and `npx create-video`. This allows the agent to execute shell commands within the project environment.
- [REMOTE_CODE_EXECUTION]: The `Workflows/ContentToAnimation.md` workflow dynamically generates a complete React project (including `package.json` and source files) in a temporary directory and subsequently executes `npm install` and `npx remotion render`. Executing code generated at runtime from potentially untrusted inputs poses a significant risk.
- [REMOTE_CODE_EXECUTION]: Documentation files frequently instruct the agent to run `npx remotion add <package>`, which downloads and executes code from the npm registry at runtime during the skill's operation.
- [PROMPT_INJECTION]: Indirect injection surface detected in `Workflows/ContentToAnimation.md`.
  1. Ingestion points: YouTube transcripts, Web URLs, PDF files, and Tweets via Parser skill.
  2. Boundary markers: Absent.
  3. Capability inventory: Shell execution (`npx`), file writes (`/tmp/`), and network requests (`curl`).
  4. Sanitization: Absent; content is directly interpolated into generated React source files.
Audit Metadata