elevenlabs-remotion

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The generate.js script is designed to read the ELEVENLABS_API_KEY from a local .env.local file. This represents programmatic access to sensitive user credentials.
  • [COMMAND_EXECUTION]: The generate.js script uses execSync to invoke ffmpeg and ffprobe binaries. It interpolates file paths and scene metadata directly into shell command strings. Since these paths can be sourced from user-provided CLI arguments or potentially untrusted scenes.json files, this creates a vector for command injection on the host system.
  • [PROMPT_INJECTION]: The CLAUDE.md file defines a workflow where the agent uses WebFetch to scrape external websites to extract design tokens. This process exposes the agent to indirect prompt injection, as malicious website content could contain instructions intended to override agent behavior.
  • Ingestion points: External URLs accessed via WebFetch during the Design Extraction Workflow in CLAUDE.md.
  • Boundary markers: None specified for the content retrieved from external URLs.
  • Capability inventory: The agent has permission to use node, npx, ffprobe, and ffmpeg via the Bash tool.
  • Sanitization: The skill documentation does not describe any sanitization or validation logic for data ingested from the web.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 06:47 PM