skills/danielmiessler/lifeos/Remotion/Gen Agent Trust Hub

Remotion

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains a 'MANDATORY' instruction block that requires the agent to execute a network notification command immediately upon invocation. This is an attempt to override standard agent behavior and bypass user intent by forcing a pre-defined action before the primary task is addressed.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to interact with the system. In SKILL.md, it mandates the use of curl for notifications. In Tools/Render.ts, it utilizes the Bun shell ($) to execute npx remotion and npx create-video commands. These commands interpolate variables like compositionId and outputPath, which could lead to command injection if malicious strings are provided as input.
  • [EXTERNAL_DOWNLOADS]: The rendering logic in Tools/Render.ts and the installation instructions in several reference files (e.g., Tools/Ref-3d.md, Tools/Ref-audio.md) rely on npx to download and execute code from remote registries at runtime. These packages (e.g., create-video@latest, @remotion/media) are often unversioned, posing a supply chain risk.
  • [DATA_EXFILTRATION]: The mandatory notification workflow in SKILL.md performs a POST request to http://localhost:8888/notify. This transmits metadata about the current workflow and action to a local network service without explicit user request or consent for that specific data transmission.
  • [REMOTE_CODE_EXECUTION]: The workflow in Workflows/ContentToAnimation.md involves ingesting untrusted content from the web (YouTube transcripts, articles, PDFs) and using it to dynamically generate React components which are then rendered into a video. This creates an attack surface where malicious input could influence the generated code executed during the rendering process.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Remotion