remotion-best-practices

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH; PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Prompt Injection (HIGH): The file rules/tailwind.md explicitly instructs the agent to 'fetch https://www.remotion.dev/docs/tailwind using WebFetch for instructions'. This is a direct attempt to override the skill's local logic with unverified external instructions, a common vector for instruction hijacking.
  • Indirect Prompt Injection (HIGH): Multiple files (e.g., rules/calculate-metadata.md, rules/compositions.md, rules/lottie.md) demonstrate patterns where the application fetches JSON data from remote URLs provided in props (e.g., props.dataUrl, props.videoId).
      • Ingestion points: fetch() calls in calculateMetadata and useEffect hooks.
      • Boundary markers: None present; external data is parsed and directly used to set critical rendering properties like durationInFrames, width, and height.
      • Capability inventory: Access to fetch, shell command execution via npx, and canvas manipulation.
      • Sanitization: No validation or sanitization of the fetched JSON structure is shown before it is merged into the component's state or props.
  • External Downloads (MEDIUM): The skill documentation repeatedly encourages using npx remotion add to install various packages. This includes mediabunny (rules/can-decode.md, rules/extract-frames.md), which is not a trusted source according to the provided security parameters.
  • Command Execution (MEDIUM): Installation instructions throughout the rules (e.g., rules/3d.md, rules/audio.md, rules/fonts.md) use npx, bunx, yarn, and pnpm exec to perform side-effectful operations at the system level.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:25 AM