remotion-render
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and fetches installation documentation from an external GitHub repository (`inference-sh/skills`).
- [REMOTE_CODE_EXECUTION]: Directs users to install the `belt-sh/cli` tool and executes remote application logic on the `inference.sh` infrastructure.
- [COMMAND_EXECUTION]: Utilizes the `belt` CLI tool to perform system-level operations for video rendering.
- [PROMPT_INJECTION]: The skill ingests and processes user-provided React/TSX code, which serves as an attack surface for indirect prompt injection.
  - Ingestion points: The `code` parameter in the input schema within `SKILL.md`.
  - Boundary markers: None are defined in the provided usage examples to delimit the code from other instructions.
  - Capability inventory: The skill has access to the shell via the `belt` CLI and performs network operations to send code to a remote rendering service.
  - Sanitization: There is no evidence of sanitization or structural validation performed on the input code before it is passed to the execution environment.