remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Multiple rule files (rules/3d.md, rules/audio.md, rules/display-captions.md, rules/fonts.md, rules/gifs.md, rules/lottie.md, rules/measuring-text.md, rules/transitions.md, rules/videos.md) provide instructions to install external Node.js dependencies using 'npx remotion add'. These include scoped packages such as '@remotion/three', '@remotion/media', '@remotion/captions', and '@remotion/transitions'.
- COMMAND_EXECUTION (MEDIUM): The skill contains executable shell commands for various package managers (npm, bun, yarn, pnpm) to add external framework extensions.
- PROMPT_INJECTION (LOW): The file 'rules/tailwind.md' instructs the agent to 'fetch https://www.remotion.dev/docs/tailwind using WebFetch for instructions'. This directed retrieval of external, untrusted instructions is a classic indirect prompt injection surface.
- DATA_EXFILTRATION (LOW): Several rules (rules/calculate-metadata.md, rules/lottie.md, rules/import-srt-captions.md) describe patterns for fetching external data using 'fetch()'. Specifically, 'rules/calculate-metadata.md' demonstrates fetching from a dynamic URL provided in props ('props.dataUrl'), which creates an ingestion point for untrusted data and a potential exfiltration vector.
- Ingestion points: fetch(props.dataUrl) in rules/calculate-metadata.md, fetch(url) in rules/lottie.md and rules/import-srt-captions.md.
- Boundary markers: Absent.
- Capability inventory: Network access (fetch), command execution (npx), and metadata manipulation (calculateMetadata).
- Sanitization: Absent; the fetched data is parsed and directly incorporated into the rendering context.
Audit Metadata