ai-marketing-videos
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill contains the instruction 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes a remote script directly in the system shell without verification. The domain 'inference.sh' is not a trusted source, making this a high-risk vector for arbitrary code execution.
- EXTERNAL_DOWNLOADS (HIGH): The skill uses 'npx skills add inference-sh/skills@ai-video-generation' to install additional components. This pattern introduces unverified third-party dependencies into the agent's execution environment.
- COMMAND_EXECUTION (MEDIUM): The skill requests 'allowed-tools: Bash(infsh *)', which grants the agent broad permission to execute subcommands of the 'infsh' tool. This is particularly dangerous given the insecure installation method of the tool itself.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats