remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Multiple rules (e.g.,
rules/3d.md,rules/audio.md,rules/fonts.md) instruct the agent to install external packages usingnpx remotion add. These packages are from the@remotionscope, which is not on the Trusted GitHub Organizations list. - COMMAND_EXECUTION (MEDIUM): The
rules/cli.md,rules/ffmpeg.md, andrules/transparent-videos.mdfiles provide specific command-line instructions for the agent to executenpx remotionandbunx remotion ffmpeg. These allow the agent to perform file system operations and media rendering on the host machine. - REMOTE_CODE_EXECUTION (MEDIUM): The
rules/transcribe-captions.mdandrules/voiceover.mdrules provide full Node.js scripts that the agent is expected to write to disk and execute. These scripts perform network requests and callinstallWhisperCpp, which downloads external binaries (Whisper.cpp) and models. - PROMPT_INJECTION (LOW): Found surface for Indirect Prompt Injection (Category 8).
- Ingestion points:
rules/calculate-metadata.mdandrules/compositions.mdinstruct the agent to usefetch()to retrieve data from URLs provided inprops(e.g.,props.dataUrl,props.videoId). - Boundary markers: Absent in the examples; fetched data is parsed as JSON and used directly in composition logic.
- Capability inventory: The agent has the ability to execute CLI commands (
npx remotion), write files to thepublic/directory, and execute Node.js scripts. - Sanitization: No sanitization or validation of the fetched JSON content is demonstrated before it is used to influence render parameters or component props.
Audit Metadata