remotion-best-practices
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents procedures for fetching external assets from well-known services, including Lottie animations from lottiefiles.com, GeoJSON mapping data from public GitHub repositories, and official documentation from remotion.dev. These downloads are documented features of the Remotion development ecosystem.
- [REMOTE_CODE_EXECUTION]: Provides instructions for installing and executing the Whisper.cpp binary using the official @remotion/install-whisper-cpp package for audio transcription. This is a standard and safe workflow within the intended purpose of the skill.
- [COMMAND_EXECUTION]: Recommends the use of ffmpeg via execSync for audio and video preprocessing. This is a common and legitimate practice in video engineering workflows.
- [PROMPT_INJECTION]: The skill contains stylistic constraints for rendering UI mockups, described with strong instructional language (e.g., 'Mandatory Rules', 'Sole authority'). These are domain-specific requirements for the agent's task performance and do not attempt to override safety protocols or bypass agent guidelines.
- [DATA_EXPOSURE_SURFACE]: The skill illustrates patterns for ingesting untrusted data from external sources (JSON metadata, SRT subtitles, Lottie JSON) into the rendering pipeline.
- Ingestion points: rules/calculate-metadata.md, rules/display-captions.md, rules/import-srt-captions.md, rules/lottie.md.
- Boundary markers: Not explicitly defined in the provided examples.
- Capability inventory: Uses fetch for network data and provides patterns for execSync (ffmpeg).
- Sanitization: Not detailed in the documentation snippets. This surface is identified as a standard architectural pattern for data-driven video generation.
Audit Metadata