remotion-render
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions suggest installing the platform's CLI tool by piping a remote script directly into the shell (curl -fsSL https://cli.inference.sh | sh). This pattern bypasses standard package manager security checks and executes remote code on the host machine.
- [REMOTE_CODE_EXECUTION]: The core functionality involves sending React/TSX code to a remote service for execution and rendering. This represents an indirect execution path for arbitrary code provided in the 'code' input parameter.
- [COMMAND_EXECUTION]: The skill requires the 'Bash' tool to execute 'infsh' commands for rendering videos and session management.
- [EXTERNAL_DOWNLOADS]: The installation process downloads binary executables from 'dist.inference.sh' to the local environment.
- [PROMPT_INJECTION]: The skill processes untrusted input in the form of React/TSX code. The ingestion point is the 'code' parameter in the input schema. It lacks explicit boundary markers or sanitization logic to prevent the agent from being influenced by instructions embedded within the processed code, creating an indirect prompt injection surface.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata