Security evaluation report for @forgecat/remotion-dev_skills_remotion v0.1.3
Source Integrity
Safe
Profile is sourced from the official Remotion GitHub repository (https://github.com/remotion-dev/skills), a legitimate and well-known open-source project.
Commit hash and version are documented; no evidence of tampering or supply-chain substitution.
Agent Intent
Safe
Content is purely educational documentation for Remotion video creation best practices—no instructions to manipulate the AI, ignore system prompts, or exfiltrate data.
Code examples demonstrate legitimate Remotion APIs (useCurrentFrame, interpolate, Audio, Video, Composition, etc.) with no hidden directives or guidance poisoning.
References to external files (rules/subtitles.md, rules/ffmpeg.md, etc.) are documentation cross-links, not instructions to fetch and execute untrusted payloads.
Evidence
All code blocks are standard React/TypeScript patterns for video composition.
No 'ignore previous instructions', role-hijack language, or directives to read system prompts.
No instruction to weaken security defaults, install typosquatted packages, or embed backdoored templates.
Permissions
Safe
Profile declares no tools, hooks, or MCP servers—it is pure markdown documentation.
No file_write, file_delete, shell, or web_fetch permissions are requested or implied.
Skill descriptions are narrowly scoped to Remotion video composition guidance.
Evidence
No 'tools' or 'mcp_servers' section in profile metadata.
No alwaysApply rules or glob patterns requesting broad filesystem or network access.
MCP Risk
Safe
No MCP servers are defined in the profile.
Profile is documentation only; no binary execution, network access, or filesystem scope to evaluate.