stitch-remotion
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash, curl, npm, and npx commands to perform project initialization, dependency management, and video rendering. These actions are standard for the intended workflow of building a Remotion project.
- [EXTERNAL_DOWNLOADS]: The skill fetches design assets and HTML code from Google's Stitch platform (stitch.withgoogle.com). It also downloads official Remotion templates and skills from the vendor's GitHub repository. All external interactions are directed toward established, official endpoints.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data from the Stitch API and using it in code generation.
- Ingestion points: Screen titles and descriptions are retrieved via the stitch-mcp-get-screen tool.
- Boundary markers: The instructions do not define delimiters or specific safety warnings for the generated React code or JSON manifest.
- Capability inventory: The skill has access to shell execution (npm/npx), file system operations (Write), and network requests (web_fetch).
- Sanitization: There is no mention of sanitizing or escaping the screen metadata before it is interpolated into the walkthrough composition code.
Audit Metadata