Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/ai-avatar-video/Gen Agent Trust Hub

ai-avatar-video

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill instructs the execution of curl -fsSL https://cli.inference.sh | sh. This is a confirmed critical risk where a remote script is executed with shell privileges. The domain inference.sh is not a trusted source according to defined security policies, allowing for arbitrary code execution or system compromise.\n- External Downloads (HIGH): The skill uses npx skills add to download multiple dependencies from the inference-sh organization. As this organization is not on the trusted list, these packages constitute unverifiable remote code.\n- Indirect Prompt Injection (LOW): The skill processes untrusted external data through image_url and audio_url parameters.\n
  • Ingestion points: URLs passed to infsh app run in SKILL.md.\n
  • Boundary markers: None identified.\n
  • Capability inventory: The skill has Bash(infsh *) tool access, which can perform network and file operations.\n
  • Sanitization: No evidence of input sanitization or validation for the provided URLs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 03:41 AM