remotion
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands and scripts to manage the video production lifecycle. This includes using
npmandnpxto initialize projects, manage dependencies, and render final video outputs. It also includes a helper scriptscripts/download-stitch-asset.shthat usescurlto download images.\n- [EXTERNAL_DOWNLOADS]: The skill is configured to download project assets from Google Cloud Storage (storage.googleapis.com) and references the official Remotion repository on GitHub for advanced components and best practices. These sources are well-known and consistent with the skill's purpose.\n- [REMOTE_CODE_EXECUTION]: The skill generates and executes React-based video components at runtime. It creates.tsxfiles based on design metadata and renders them using the Remotion CLI. This dynamic generation is the primary function of the skill.\n- [PROMPT_INJECTION]: The skill processes untrusted design metadata and HTML from the Stitch platform, which presents an indirect prompt injection surface. This data is used to generate video overlays and influence component logic.\n - Ingestion points: Screen titles, descriptions, and HTML retrieved via Stitch MCP tools (
list_projects,get_screen).\n - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' warnings for the ingested data.\n
- Capability inventory: The agent has access to
Bash, file systemWriteoperations, and command execution vianpm/npx.\n - Sanitization: No explicit sanitization of the retrieved design metadata is mentioned in the instruction set.
Audit Metadata