Skills
skills/inference-sh-3/skills/ai-marketing-videos/Gen Agent Trust Hub

ai-marketing-videos

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a setup script from the vendor's official installation domain (cli.inference.sh).
  • [REMOTE_CODE_EXECUTION]: The skill uses the pattern curl | sh to install the vendor's CLI tool from their official domain. This is the documented installation method for the service.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the infsh CLI tool to run AI models for video and audio. This capability is restricted via the manifest's allowed-tools field.
  • [PROMPT_INJECTION]: The skill processes untrusted user input by interpolating natural language prompts into CLI command arguments.
  • Ingestion points: prompt fields within infsh app run commands (SKILL.md).
  • Boundary markers: None identified.
  • Capability inventory: Execution of the infsh CLI tool to run various AI models.
  • Sanitization: None identified.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 25, 2026, 01:02 AM