Skills
skills/inf-sh/skills/video-prompting-guide/Gen Agent Trust Hub

video-prompting-guide

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The 'Quick Start' section in 'SKILL.md' instructs users to run curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script with shell privileges without prior inspection, representing a severe security risk from an unverified source.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill includes instructions to install multiple external dependencies using npx skills add inference-sh/skills@.... These packages are from a non-trusted third-party provider and introduce unverified code into the environment.
  • [COMMAND_EXECUTION] (MEDIUM): The allowed-tools field in the skill metadata permits the execution of any infsh command. This broad permission set provides a significant capability for an agent to perform operations on the host system via the external infsh utility.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:58 AM