rendiv-video
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install various @rendiv/ framework packages and well-known third-party libraries like three, lottie-web, and gifuct-js using the pnpm package manager.
- [COMMAND_EXECUTION]: Guidance is provided for using the rendiv CLI to perform core framework tasks, including rendering compositions with the 'rendiv render' command, capturing still frames with 'rendiv still', and launching the developer studio via 'rendiv studio'.
- [DATA_EXFILTRATION]: The documentation includes code examples for fetching external data using the fetch API and embedding remote content through the component, which are standard features for creating data-driven video compositions.
- [PROMPT_INJECTION]: The skill identifies ingestion points for untrusted data, such as parsing subtitle files with 'parseSrt' and processing JSON transcripts via 'parseWhisperTranscript', which could serve as surfaces for indirect prompt injection.
Audit Metadata