remotion-to-framevideo

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several utility scripts (such as scripts/render_diff.sh and scripts/frame_strip.sh) that invoke system commands like ffmpeg and ffprobe for video processing and frame-accurate comparison. It also uses npm and npx for managing project dependencies and executing rendering tasks within test fixtures.
  • [COMMAND_EXECUTION]: Multiple bash scripts utilize bash Heredocs to dynamically generate and execute inline Python scripts. This technique is used for tasks like parsing ffprobe JSON output, calculating SSIM statistics, and aggregating test results.
  • [EXTERNAL_DOWNLOADS]: The skill's test orchestrator (run.sh) performs npm install for fixture dependencies. Additionally, generated HTML compositions reference well-known third-party libraries including GSAP and Lottie-web from established public CDNs such as Cloudflare and Unpkg.
  • [SAFE]: The skill implements a linting process using scripts/lint_source.py to analyze Remotion source code for patterns that do not translate cleanly to a seek-driven model (e.g., useState, useEffect). It instructs the agent to recommend a runtime interop pattern for such cases, serving as a safety guardrail against incorrect translation of complex React logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:13 PM
Security Audit — agent-trust-hub — remotion-to-framevideo