explainer-video-guide
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions direct users to download an installation script from
https://cli.inference.shand binaries fromdist.inference.sh. - [REMOTE_CODE_EXECUTION]: The Quick Start section includes the command
curl -fsSL https://cli.inference.sh | sh, which downloads and immediately executes remote code in the shell, allowing for arbitrary execution from the source. - [COMMAND_EXECUTION]: The skill requires the
Bash(infsh *)tool, enabling the execution ofinfshcommands to interact with third-party AI models and media processing services. - [REMOTE_CODE_EXECUTION]: The 'Related Skills' section suggests using
npx skills addto fetch and integrate additional skill packages from remote repositories, introducing further external code dependencies.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata