remotion-render
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill documentation includes a setup command 'curl -fsSL https://cli.inference.sh | sh' in the Quick Start section. This pattern executes a remote script directly in the user's shell without verification. The domain inference.sh is not a trusted source, making this a high-risk RCE vector.
- [Command Execution] (HIGH): The skill requests wide-reaching tool permissions via 'allowed-tools: Bash(infsh *)'. This allows the agent to execute any subcommand of the infsh utility, which could be exploited for unauthorized actions such as credential harvesting through 'infsh login'.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted TSX code through the 'code' parameter.
- Ingestion points: The input schema in SKILL.md accepts raw code as a required string.
- Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from being influenced by logic inside the rendered code.
- Capability inventory: The agent uses the Bash tool to pass this code to a remote rendering service.
- Sanitization: Absent; the code is passed directly to the command line without escaping or validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata