remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The file 'rules/transcribe-captions.md' provides code templates that use 'child_process.execSync' and 'fs.writeFileSync' in audio transcription workflows (FFmpeg, Whisper). Both are high-privilege operations: execSync runs a command string through the system shell, and writeFileSync writes to arbitrary paths on disk. If an AI agent executes these templates, it should control what goes into the command line and the output path rather than pass through values it has not checked.
  • EXTERNAL_DOWNLOADS (LOW): Rules such as 'rules/fonts.md' and 'rules/3d.md' instruct the agent to install additional packages via 'npx remotion add'. These are Remotion's own extension packages, but each install fetches third-party code into the project at the agent's initiative.
  • PROMPT_INJECTION (LOW): The file 'rules/tailwind.md' directs the agent to fetch and follow instructions from an external URL ('https://www.remotion.dev/docs/tailwind'). Content fetched at run time is outside the skill's review, so this creates a surface for indirect prompt injection. Additionally, 'rules/calculate-metadata.md' and 'rules/lottie.md' demonstrate fetching and processing data from external URLs, which are potential ingestion points for malicious content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM