Skills
skills/digitalsamba/claude-code-video-toolkit/remotion-best-practices/Gen Agent Trust Hub

remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use several CLI tools including npx remotion, npx create-video, and ffmpeg to manage video projects, render frames, and process media assets.
  • [EXTERNAL_DOWNLOADS]: The skill provides patterns for installing the Whisper.cpp binary and downloading pre-trained AI models using the @remotion/install-whisper-cpp package to enable speech-to-text functionality.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8).
  • Ingestion points: The skill is designed to fetch and parse external data from URLs via calculateMetadata (rules/calculate-metadata.md), as well as subtitle content from SRT and JSON files (rules/import-srt-captions.md, rules/display-captions.md).
  • Boundary markers: There are no instructions provided to wrap or delimit untrusted external content with specific safety markers or instructions to ignore embedded commands.
  • Capability inventory: The skill provides instructions for executing shell commands (npx, ffmpeg) and writing files to the local file system (fs.writeFileSync in rules/transcribe-captions.md).
  • Sanitization: The documented patterns do not include explicit sanitization or validation logic for the content of processed subtitle files or external API responses before they are used in rendering or metadata calculation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 10:04 PM
Security Audit — agent-trust-hub — remotion-best-practices