remotion-best-practices

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to install official Remotion ecosystem packages using package managers like npm, yarn, pnpm, and bun (e.g., npx remotion add @remotion/media).
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches assets from external sources including remotion.media, remotion.dev, and lottiefiles.com. These are used for loading video assets, documentation, and animation data.
  • [PROMPT_INJECTION]: The skill contains patterns susceptible to indirect prompt injection (Category 8).
  • Ingestion points: External data is fetched in rules/calculate-metadata.md, rules/compositions.md, and rules/lottie.md using fetch() with URLs potentially provided via component props.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the examples where remote data is processed.
  • Capability inventory: The agent is instructed to perform package installations and file system operations based on the skill's guidelines.
  • Sanitization: The examples demonstrate direct parsing and usage of remote JSON data without validation or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 01:54 PM