thumbnail-first-frame
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The content consists of legitimate design instructions and code examples. No attempts to subvert agent instructions or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were identified.
- Remote Code Execution & Dependencies (SAFE): The skill mentions the 'remotion' framework and provides standard TypeScript components. It does not attempt to download or execute untrusted remote scripts.
- Indirect Prompt Injection (SAFE): The provided 'ThumbnailTemplate' accepts external data (title, subtitle) for rendering. While this is an ingestion point for untrusted data, standard React rendering provides inherent protection against common injection vectors in this context. Mandatory Evidence Chain: 1. Ingestion points: props in
ThumbnailTemplate(title, subtitle, backgroundImage). 2. Boundary markers: None present in the code snippet. 3. Capability inventory: UI rendering using React/Remotion. 4. Sanitization: Standard React text-node escaping.
Audit Metadata