image-to-video
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the agent to execute a remote script using the pattern 'curl -fsSL https://cli.inference.sh | sh'. This is a high-risk vector as it executes unverified code directly from an untrusted domain (inference.sh) into the user's shell.
- EXTERNAL_DOWNLOADS (HIGH): The skill documentation includes commands to install additional skills using 'npx skills add' from the 'inference-sh' organization, which is not a Trusted External Source.
- COMMAND_EXECUTION (MEDIUM): The skill requires 'Bash(infsh *)' permissions. Since the 'infsh' binary itself is installed via an untrusted remote script, this grants execution capabilities to potentially malicious code.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted local data (images) and processes them with external tools. Evidence Chain: 1. Ingestion point: 'image' path property in the JSON input within SKILL.md. 2. Boundary markers: Absent; there are no instructions to ignore embedded data in the processed files. 3. Capability inventory: 'Bash(infsh *)' allows shell command execution and network communication. 4. Sanitization: Absent; no evidence of input validation or escaping for the file content.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata