google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation explicitly recommends installing the required tool using `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk pattern that allows a remote server to execute arbitrary code on the host machine without any integrity verification or user review.
- EXTERNAL_DOWNLOADS (HIGH): The skill downloads and installs software from `inference.sh`, which is not included in the list of trusted organizations or repositories. This introduces supply chain risk, as the source and security of the `infsh` binary cannot be verified.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the `Bash(infsh *)` tool, granting the agent the ability to execute any subcommand available to the `infsh` CLI. If the CLI tool is compromised or contains vulnerabilities, this provides a direct path for malicious activities.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: User-provided prompts are directly interpolated into the JSON payload of the `infsh app run` command within the `SKILL.md` examples.
  - Boundary markers: None. Prompts are placed inside standard JSON structures without specific delimiters or instructions for the agent to ignore malicious sub-commands.
  - Capability inventory: The skill has the capability to execute system commands and likely interact with the network via the `infsh` binary.
  - Sanitization: There is no evidence of input validation or escaping for the prompt data before it is passed to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata