Remotion Best Practices

What to consider before installing: - The skill itself appears to be documentation and code samples for Remotion and is coherent with its stated purpose. It does not request credentials or install any binaries. - A warning: SKILL.md contains unicode control/zero-width characters detected by the scanner. These characters are uncommon in plain documentation and can hide or obfuscate instructions (a prompt-injection technique). Open the SKILL.md in a hex/viewer or run a tool to reveal control characters (e.g., cat -v SKILL.md, or view with an editor that shows invisible characters). If you see unexpected hidden text, contact the publisher or remove the characters. - Many examples reference external services (Mediabunny, ElevenLabs, remotion.media, api.example.com). Using those examples in your environment may require API keys or will cause network requests; do not provide secrets to the skill itself unless you understand where they are used. - Because the skill can be invoked by the agent autonomously (default), avoid enabling automatic runs that might follow examples against external URLs or user data until you have reviewed the files. If you plan to allow autonomous invocation, prefer turning that off or restricting what the agent can do until you confirm there's no obfuscated content. Actions you can take: - Inspect SKILL.md and the rule files for hidden/zero-width characters (cat -v, od -c, or an editor that shows invisibles). - Search for any code that performs fetch()/network calls or reads local files and confirm those calls are intentional and safe. - If you plan to use voiceover or TTS examples, provision API keys only in a secure place and never paste secrets into a skill that you haven't fully audited. Given the hidden-character finding, treat this skill as 'suspicious' until the SKILL.md is inspected and any hidden content is explained or removed.