image-to-video
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute a remote script directly in the shell using a pipe-to-shell command.
- Evidence:
curl -fsSL https://cli.inference.sh | shfound in the Quick Start section ofSKILL.md. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download of a CLI binary and references additional external skill repositories.
- Evidence: Mentions downloading from
dist.inference.shand adding related skills frominference-sh/skillsusingnpxinSKILL.md. - [COMMAND_EXECUTION]: The skill requires permission to execute bash commands via the
infshtool to perform its primary functions. - Evidence:
allowed-tools: Bash(infsh *)defined in the YAML frontmatter ofSKILL.md. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection where untrusted data is interpolated into command arguments.
- Ingestion points: The
promptfield in variousinfsh app runcommands inSKILL.mdallows user-controlled input to be passed to the tool. - Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when processing the prompt input.
- Capability inventory: The
Bash(infsh *)capability allows the agent to execute a wide variety of inference applications based on the provided prompt. - Sanitization: No sanitization, escaping, or validation logic is defined for the prompt content before it is processed by the CLI.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata