Skills
skills/1nfsh-s3/skills/ai-marketing-videos/Gen Agent Trust Hub

ai-marketing-videos

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the agent to execute a shell command that pipes a remote script directly into the system shell: curl -fsSL https://cli.inference.sh | sh. This pattern is extremely dangerous as the content of the script can change at any time and bypasses all local security controls.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads an external binary/script from https://cli.inference.sh, which is not a pre-approved or trusted source according to the security framework.
  • COMMAND_EXECUTION (MEDIUM): The skill makes extensive use of the Bash tool to execute infsh commands and complex shell loops (for section in "${SECTIONS[@]}"; do ... done). While part of the stated purpose, this provides a large attack surface if user-controlled data is ever interpolated into these commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 07:42 PM