image-to-video
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests downloading dependencies and using resources from 'inference-sh' and 'inference.sh'. These do not align with the author's specified naming pattern 'inferen-sh', indicating a potential typosquatting or impersonation risk.
- [REMOTE_CODE_EXECUTION]: The command `npx skills add inference-sh/skills@agent-tools` installs and executes code from a remote repository that does not match the author's verified prefix. This constitutes execution of code from an unverifiable external source.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash(infsh *)` tool to execute commands through a CLI that may be associated with the mismatched 'inference.sh' domain.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent context through the `prompt` and `image` fields within the provided bash command examples.
  - Boundary markers: No delimiters or instructions are present to prevent the agent from following commands embedded in the user-provided data.
  - Capability inventory: The skill uses the `Bash(infsh *)` capability, allowing for external tool execution and network communication.
  - Sanitization: No sanitization or validation of the input strings is performed before they are processed by the CLI tool.
Recommendations
- AI detected serious security threats
Audit Metadata