remotion-render
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the infsh CLI for video rendering, which is the standard interface for the Inference.sh platform.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted React/TSX code and props as input parameters.
  - Ingestion points: 'code' and 'props' parameters in SKILL.md.
  - Boundary markers: No delimiters are used to isolate user code from instructions.
  - Capability inventory: Uses the Bash tool to execute commands on the host.
  - Sanitization: The skill does not validate or sanitize the input code before execution.
- [REMOTE_CODE_EXECUTION]: The skill executes remote applications using the 'infsh app run' command and installs dependencies via 'npx', which are standard operations for this vendor's ecosystem.