remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents patterns for fetching data from external URLs (e.g., in the calculateMetadata and Lottie loading examples). These ingestion points represent a surface for indirect prompt injection where untrusted remote content could influence agent behavior if not properly sanitized.
  • Ingestion points: calculateMetadata function in rules/calculate-metadata.md and rules/compositions.md; remote JSON/Lottie fetching in rules/display-captions.md, rules/lottie.md, and rules/import-srt-captions.md.
  • Boundary markers: None identified in the provided code examples.
  • Capability inventory: Network operations via fetch; file system access via writeFileSync for writing transcription results; command execution for media processing.
  • Sanitization: Examples do not demonstrate explicit sanitization or validation of the fetched remote content before use.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the use of the @remotion/install-whisper-cpp package for audio transcription, which involves downloading the Whisper.cpp binary and pre-trained AI models from external sources.
  • [COMMAND_EXECUTION]: Instructions include the use of FFmpeg and FFprobe via the CLI for video manipulation tasks such as trimming, re-encoding, and metadata extraction.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 12:21 AM