remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends installing multiple NPM packages, including the @remotion scope and the mediabunny utility. These are standard dependencies for the framework's features but represent an external code trust dependency.
  • PROMPT_INJECTION (LOW): The skill provides patterns for processing user-controlled narration or external data via LLM providers (OpenAI, Claude, Gemini) in rules/ai-content-analysis.md and rules/llm.md. This represents a surface for indirect prompt injection.
  • Ingestion points: Video scripts and narration text in rules/ai-content-analysis.md; external JSON data via fetch in rules/calculate-metadata.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples.
  • Capability inventory: Use of @remotion/llm for AI calls and fetch for network requests.
  • Sanitization: No input sanitization or validation logic is demonstrated in the patterns for processing untrusted strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:30 PM