remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing various framework-specific packages from the official registry (e.g., @remotion/three, @remotion/media, @remotion/google-fonts) to enable extended video functionality.
  • [REMOTE_CODE_EXECUTION]: Instructions in rules/transcribe-captions.md describe the installation of the Whisper.cpp binary using the @remotion/install-whisper-cpp utility for audio transcription tasks.
  • [COMMAND_EXECUTION]: The skill documents the use of FFmpeg for media manipulation, utilizing bunx remotion ffmpeg and Node.js execSync for tasks such as re-encoding and trimming videos.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists in the calculateMetadata patterns.
      • Ingestion points: Data is fetched from dynamic URLs or API endpoints in rules/calculate-metadata.md and rules/compositions.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing external JSON data.
      • Capability inventory: The fetched data can influence composition duration, dimensions, and the props passed to React components.
      • Sanitization: The examples do not demonstrate validation or sanitization of external data before applying it to the composition state.
  • [DATA_EXFILTRATION]: The skill documents network communication with well-known and trusted service providers, including ElevenLabs (api.elevenlabs.io) for speech synthesis and Mapbox for geographic data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:55 PM