Skills
skills/1nfsh-s3/skills/remotion-render/Gen Agent Trust Hub

remotion-render

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh command-line tool for authentication and to trigger video rendering jobs on the inference.sh cloud infrastructure.
  • [EXTERNAL_DOWNLOADS]: Instructions are provided to install the infsh CLI via npx and add related skills from the vendor's repository (inference-sh/skills). These are recognized as legitimate vendor resources.
  • [DATA_EXFILTRATION]: User-provided or agent-generated React code is transmitted to the inference.sh service. This is the primary function of the skill and occurs within the vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it accepts React TSX code and properties (ingestion points: code and props in SKILL.md) which are then processed by the infsh rendering capability. While no explicit boundary markers or sanitization logic are defined in the skill instructions to mitigate malicious code injection from untrusted inputs, this is consistent with the skill's purpose as a code-to-video renderer.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 10:43 PM
Security Audit — agent-trust-hub — remotion-render