google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation explicitly instructs the user or agent to execute `curl -fsSL https://cli.inference.sh | sh`. This is a classic remote code execution pattern that runs unverified scripts from a third-party domain directly in the shell environment. Although this is the primary installation method for the required `infsh` tool, the source is not among the defined trusted organizations.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation process involves downloading binaries from `dist.inference.sh`. While the skill claims these are verified via SHA-256, the initial script performing the verification is itself retrieved over the network without prior local validation.
- [COMMAND_EXECUTION] (MEDIUM): The skill defines and uses the `infsh` tool via the Bash tool. The security of these commands is entirely dependent on the integrity of the binary installed via the insecure method mentioned above.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata