Remotion
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The
SKILL.mdfile contains a 'MANDATORY' instruction block that requires the agent to execute a network notification command immediately upon invocation. This is an attempt to override standard agent behavior and bypass user intent by forcing a pre-defined action before the primary task is addressed. - [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to interact with the system. In
SKILL.md, it mandates the use ofcurlfor notifications. InTools/Render.ts, it utilizes the Bun shell ($) to executenpx remotionandnpx create-videocommands. These commands interpolate variables likecompositionIdandoutputPath, which could lead to command injection if malicious strings are provided as input. - [EXTERNAL_DOWNLOADS]: The rendering logic in
Tools/Render.tsand the installation instructions in several reference files (e.g.,Tools/Ref-3d.md,Tools/Ref-audio.md) rely onnpxto download and execute code from remote registries at runtime. These packages (e.g.,create-video@latest,@remotion/media) are often unversioned, posing a supply chain risk. - [DATA_EXFILTRATION]: The mandatory notification workflow in
SKILL.mdperforms a POST request tohttp://localhost:8888/notify. This transmits metadata about the current workflow and action to a local network service without explicit user request or consent for that specific data transmission. - [REMOTE_CODE_EXECUTION]: The workflow in
Workflows/ContentToAnimation.mdinvolves ingesting untrusted content from the web (YouTube transcripts, articles, PDFs) and using it to dynamically generate React components which are then rendered into a video. This creates an attack surface where malicious input could influence the generated code executed during the rendering process.
Audit Metadata