Skills
skills/inference-sh/skills/remotion-render/Gen Agent Trust Hub

remotion-render

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the infsh CLI tool to run the video rendering application. This is the primary method for interacting with the vendor's platform and is considered safe within the context of the vendor's own tools.- [EXTERNAL_DOWNLOADS]: The documentation references the installation of the inference.sh CLI and related skills (e.g., inference-sh/skills@agent-tools) via npx. These are official resources from the skill's authoring organization and are documented neutrally.- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface because it processes untrusted TSX code through the code input parameter.
  • Ingestion points: Untrusted data enters the agent context via the code parameter in the SKILL.md input schema.
  • Boundary markers: Absent; the skill does not provide specific delimiters or instructions to the agent to disregard potential instructions embedded within the provided TSX code.
  • Capability inventory: The skill uses the Bash(infsh *) tool to transmit the code to the vendor's infrastructure for rendering.
  • Sanitization: Absent; there is no mention of input validation, escaping, or filtering of the provided TSX code before it is passed to the tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 05:20 PM