remotion-render
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the infsh command-line tool to interface with the vendor's platform. This is required for the skill's primary function of rendering video.\n- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of user-provided React/Remotion code on a remote server (inference.sh). This is the intended behavior of the video generation service.\n- [SAFE]: All external dependencies, CLI tools, and domains mentioned belong to the official vendor (inferen-sh) or trusted entities like Remotion.\n- [SAFE]: Documentation of Indirect Prompt Injection surface:
- Ingestion points: The code and props parameters in SKILL.md accept external content.
- Boundary markers: No explicit delimiters are specified for the React code segments within the prompt.
- Capability inventory: The skill has the ability to execute shell commands via infsh.
- Sanitization: No explicit sanitization is described in the skill instructions; it is assumed the rendering platform handles code isolation.
Audit Metadata