remotion-render

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes React (TSX) code through the 'code' input parameter, which is then rendered into a video. This creates an attack surface for indirect prompt injection if the ingested code contains instructions intended to influence the agent or the execution environment.
      • Ingestion points: 'code' parameter in SKILL.md.
      • Boundary markers: No delimiters or warnings to ignore instructions within the input code are provided.
      • Capability inventory: The skill uses the 'infsh' bash tool to perform rendering.
      • Sanitization: No input validation or sanitization of the TSX code is described.
  • [COMMAND_EXECUTION]: The skill relies on the 'infsh' CLI tool for authentication and running applications (video rendering). The documentation also includes instructions for users to run commands like 'infsh login' and 'infsh app run'.
  • [EXTERNAL_DOWNLOADS]: The documentation references external resources for installation and related tools, including links to GitHub for CLI installation scripts and instructions to use 'npx' to add additional skills from remote sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 08:03 AM