remotion-to-hyperframes
Warn
Audited by Socket on May 9, 2026
1 alert found:
Anomaly (LOW): assets/test-corpus/run.sh
No explicit malicious behavior (exfiltration, backdoor indicators, hardcoded credentials, obvious obfuscated payloads) is present in this Bash orchestrator file. However, it substantially increases supply-chain and host-execution exposure by (1) executing fixture-provided setup.sh and validate.sh with no sandboxing and (2) performing runtime npm install inside fixture directories without visible pinning/integrity controls. Treat fixtures and dependency provenance as high trust or add sandboxing, pinning, and integrity verification to reduce risk.
Confidence: 63%
Severity: 60%