remotion-to-hyperframes

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No override or bypass patterns detected. The instructions maintain clear boundaries and focus on the migration task. The 'escape-hatch' section is a legitimate technical recommendation for non-translatable code using an interop pattern, not an instruction to bypass safety filters.
  • [DATA_EXFILTRATION]: No sensitive file access or unauthorized network exfiltration patterns found. Network activity is confined to well-known CDNs (cdnjs, unpkg) and official GitHub PR links for documentation purposes.
  • [EXTERNAL_DOWNLOADS]: Downloads are limited to well-known technology services. The skill references GSAP from cdnjs and Lottie-web from cdnjs/unpkg, which are standard practices for web-based animation compositions.
  • [COMMAND_EXECUTION]: The skill uses local shell scripts (lint_source.py, render_diff.sh, run.sh) exclusively for its internal testing corpus and validation. These scripts perform deterministic tasks like calculating SSIM scores or running regex-based linting on source files. No arbitrary or unsafe command execution was identified.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or private tokens detected. Configuration files (remotion.config.ts) and environment variable references (R2HF_SSIM_THRESHOLD) are used for benign rendering settings.
  • [OBFUSCATION]: All scripts and markdown files are in plain text and fully readable. No Base64-encoded strings, zero-width characters, or homoglyphs were found.
  • [REMOTE_CODE_EXECUTION]: No patterns of 'curl | bash' or dynamic execution of untrusted remote content detected. Remote references are limited to static library assets from trusted CDNs.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided Remotion code (untrusted data), it implements a strict 'lint-then-translate' workflow. The use of a regex-based linter (scripts/lint_source.py) to block complex React patterns (useState, useEffect) significantly reduces the surface area for logic-based injections.
  • [PRIVILEGE_ESCALATION]: No use of sudo, chmod 777, or other privilege-altering commands found. Scripts operate within standard user permissions.
  • [DYNAMIC_EXECUTION]: The skill generates static HTML and GSAP timelines. It does not use eval() or similar constructs to execute code generated from user input at runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — remotion-to-hyperframes