remotion-video
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from initiative briefs to drive video generation logic.
- Ingestion points: The agent reads from pm-workspace-docs/initiatives/active/[name]/pmm-video-brief.md.
- Boundary markers: There are no delimiters or explicit instructions to ignore potentially malicious instructions embedded within the brief documents.
- Capability inventory: The workflow includes writing to remotion-pmm/briefs/, remotion-pmm/src/, and pm-workspace-docs/status/videos/README.md.
- Sanitization: No sanitization or validation logic is specified for the input data before it is incorporated into JSON briefs or source code files.
- [NO_CODE]: The skill consists entirely of markdown documentation and does not include any scripts, executable files, or third-party dependencies.
Audit Metadata