remotion
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a collection of Best Practice guidelines and code templates for the Remotion video framework. All analyzed content is instructional and aligns with standard software development procedures.
- [EXTERNAL_DOWNLOADS]: The documentation describes the use of several official packages such as
@remotion/three,@remotion/media,@remotion/captions, and@remotion/lottie. It also references well-known libraries likemapbox-gl,@turf/turf, andzod. These are standard dependencies for the tasks of video rendering, mapping, and data validation. - [COMMAND_EXECUTION]: The skill provides standard commands for installing dependencies via
npx,npm,yarn,pnpm, andbun. It also includes a commented-out code snippet illustrating the use offfmpegvia Node.jschild_process.execSyncfor audio processing tasks. - [DATA_EXFILTRATION]: The skill specifically recommends using
.envfiles to store sensitive credentials like Mapbox access tokens, which is a recognized security best practice to prevent credential exposure in source code. - [INDIRECT_PROMPT_INJECTION]: Some code templates (e.g., in
calculate-metadata.mdandcompositions.md) demonstrate patterns for fetching data from external URLs or user-provided props. While this represents a theoretical ingestion surface for untrusted data, the skill provides these as standard development patterns for data-driven video generation.
Audit Metadata