remotion-skill

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md direct the agent to clone an external repository from https://github.com/Ceeon/remotion-skill.git. This repository belongs to an unknown user and is not part of the trusted vendors list.
  • [REMOTE_CODE_EXECUTION]: The skill executes npm install after cloning the external repository and also within the 脚本库/check-env.sh script. This command can trigger arbitrary code execution through package lifecycle scripts (e.g., preinstall, postinstall) using content from an unverified source.
  • [COMMAND_EXECUTION]: The skill uses various shell commands for environment setup and rendering, including git clone, npm install, and npx remotion render. These commands interact with the host system and execute logic from external dependencies.
  • [PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface. It ingests untrusted user input (descriptions or ASCII sketches) and uses it to generate .tsx component files, which are then executed via npx remotion render.
      • Ingestion points: User descriptions and ASCII sketches processed in the animation generation workflow.
      • Boundary markers: Absent; there are no instructions to sanitize or delimit user input during code generation.
      • Capability inventory: The skill can clone repositories, install packages, write files, and execute the Remotion CLI.
      • Sanitization: Absent; the agent is instructed to generate component code based on user input without validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 08:18 AM