remotion

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is a collection of Best Practice guidelines and code templates for the Remotion video framework. All analyzed content is instructional and aligns with standard software development procedures.
  • [EXTERNAL_DOWNLOADS]: The documentation describes the use of several official packages such as @remotion/three, @remotion/media, @remotion/captions, and @remotion/lottie. It also references well-known libraries like mapbox-gl, @turf/turf, and zod. These are standard dependencies for the tasks of video rendering, mapping, and data validation.
  • [COMMAND_EXECUTION]: The skill provides standard commands for installing dependencies via npx, npm, yarn, pnpm, and bun. It also includes a commented-out code snippet illustrating the use of ffmpeg via Node.js child_process.execSync for audio processing tasks.
  • [DATA_EXFILTRATION]: The skill specifically recommends using .env files to store sensitive credentials like Mapbox access tokens, which is a recognized security best practice to prevent credential exposure in source code.
  • [INDIRECT_PROMPT_INJECTION]: Some code templates (e.g., in calculate-metadata.md and compositions.md) demonstrate patterns for fetching data from external URLs or user-provided props. While this represents a theoretical ingestion surface for untrusted data, the skill provides these as standard development patterns for data-driven video generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:37 PM
Security Audit — agent-trust-hub — remotion