remotion-render
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation provides an installation command that pipes a remote script from https://cli.inference.sh directly into a shell (sh). This is the vendor's official distribution method for their CLI tool.
- [EXTERNAL_DOWNLOADS]: The installation script downloads platform-specific binaries and checksum files from dist.inference.sh, which is the vendor's infrastructure.
- [COMMAND_EXECUTION]: The skill is configured with permission to execute the infsh command-line utility, which is used to interact with the inference.sh cloud rendering service.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it interpolates user-provided content into command arguments.
  - Ingestion points: The code and props parameters defined in the input schema within SKILL.md are used to provide the source material for video generation.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the parameters.
  - Capability inventory: The skill has the capability to execute bash commands (infsh) and pass user-defined strings to the vendor's rendering engine.
  - Sanitization: The skill does not implement sanitization or static analysis on the React/Remotion code before passing it to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata