Remotion Video Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Remotion video workflow guide with human approval gates and no hidden execution, credential handling, or persistence.

Before installing, be aware that the workflow may create or overwrite video project artifacts only after confirmation, and any TTS/STT service credentials should stay under your control. Specify your preferred language if you do not want the Chinese example terminology reflected in outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill mandates bilingual/Chinese-specific deliverables and review prompts such as '口播脚本', '屏幕大字', and Chinese checklist text, and the example content later is also Chinese. There is no explicit statement that the language should follow user preference or that other languages are equally supported, which can violate a language/locale choice policy.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal