AGENT LAB: SKILLS

ai-marketing-videos

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the user to execute curl -fsSL https://cli.inference.sh | sh. This is a confirmed detection of a dangerous pattern: it executes unverified code fetched from a remote server with the privileges of the invoking shell, giving whoever controls that host a direct route to arbitrary code execution on the user's system.
  • EXTERNAL_DOWNLOADS (HIGH): The skill uses npx skills add to fetch additional components from inference-sh/skills. Since inference-sh is not a trusted organization, this is an unverifiable dependency with high supply-chain attack potential.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data (user-defined video prompts and scripts) and interpolates it into commands without sanitization or boundary markers.
    • Ingestion points: prompt and text arguments in infsh app run commands throughout SKILL.md.
    • Boundary markers: absent; user input is embedded directly in JSON strings within shell commands.
    • Capability inventory: the skill can run arbitrary AI models (video, voice, merging) via the infsh CLI.
    • Sanitization: absent; user-provided strings are neither escaped nor validated before command interpolation.
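The interpolation sink described above, as an added illustration that is not code from the audit or from the inference-sh project. It shows what a shell sees when a user-supplied prompt is pasted into a JSON literal inside a single-quoted command argument, and the two hardened forms: an argv list for code that spawns the CLI, and json.dumps plus shlex.quote when a single command string is unavoidable (as in a SKILL.md instruction). The exact `infsh app run <app> <json>` argument shape, the app identifier and the payload are assumptions made for the example.

```python
import json
import shlex

# Hypothetical app identifier; the real skill's app names are not reproduced here.
APP = "example-org/text-to-video"


def build_unsafe(prompt: str) -> str:
    """Vulnerable pattern (as the audit describes it): the user's prompt is
    pasted into a JSON literal that is itself pasted into a shell command line.
    A double quote in the prompt closes the JSON string and a single quote
    closes the shell quoting; whatever follows is parsed as shell."""
    return "infsh app run " + APP + " '{\"prompt\": \"" + prompt + "\"}'"


def build_safe(prompt: str) -> list[str]:
    """Hardened form for code that spawns the CLI itself: json.dumps escapes
    quotes, backslashes and newlines, and an argv list means no shell ever
    parses the payload. Run with subprocess.run(build_safe(p), check=True)."""
    return ["infsh", "app", "run", APP, json.dumps({"prompt": prompt})]


def build_safe_string(prompt: str) -> str:
    """Hardened form when a single shell string is unavoidable: JSON-encode
    the payload, then shlex.quote the whole JSON argument so the shell
    delivers it to the CLI as exactly one word."""
    payload = json.dumps({"prompt": prompt})
    return "infsh app run " + shlex.quote(APP) + " " + shlex.quote(payload)


def shell_words(cmd: str) -> list[str]:
    """Tokenise cmd the way /bin/sh would, without executing anything."""
    return shlex.split(cmd)


def recovered_prompt(words: list[str]) -> str:
    """Parse the JSON argument the CLI would receive and return its prompt field."""
    return json.loads(words[4])["prompt"]


# Constructed payload: a "prompt" that ends the JSON string and the single-quoted
# argument, then appends a second command (`id`, chosen because it is harmless),
# and re-opens a quoted JSON fragment so the shell line stays syntactically valid.
PAYLOAD = "\"}' ; id ; echo '{\"x\": \""

if __name__ == "__main__":
    print(shell_words(build_unsafe(PAYLOAD)))        # extra tokens ';', 'id', ';', 'echo', ...
    print(build_safe(PAYLOAD))                        # 5 argv entries, prompt intact
    print(shell_words(build_safe_string(PAYLOAD)))    # 5 words, prompt intact
```

Tokenising rather than executing keeps the demonstration safe to run; swapping `shell_words` for `subprocess.run(cmd, shell=True)` on the unsafe string is exactly the path the audit flags.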
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
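What "thorough review" of a curl | sh installer looks like in practice, as an added example that is not code from the audit or from inference.sh: fetch the script to memory instead of piping it to a shell, compare its SHA-256 against a digest recorded out of band, and scan it for lines that would themselves fetch and execute further remote code before deciding to run it. The installer text below is constructed for the example (it is not the script served at cli.inference.sh), and the pinned digest is computed from that sample here only so the self-check runs offline; in real use the digest comes from a release note or signed manifest, never from the same server that serves the script.

```python
import hashlib
import hmac
import re
import urllib.request

# Constructed sample installer, NOT the real script served at cli.inference.sh.
# It mimics a common installer shape: fetch a binary, then pipe a second script to sh.
SAMPLE_INSTALLER = b"""#!/bin/sh
set -e
ARCH=$(uname -m)
curl -fsSL https://example.invalid/bin/$ARCH -o /usr/local/bin/infsh
chmod +x /usr/local/bin/infsh
curl -fsSL https://example.invalid/post-install.sh | sh
"""

# Lines that hand remote content straight to an interpreter: `curl ... | sh`,
# `wget ... | sudo bash`, `sh -c "$(curl ...)"`, `eval "$(wget ...)"`.
_REMOTE_EXEC = re.compile(
    r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b"
    r"|\b(sh|bash|zsh|eval)\b[^\n]*\$\(\s*(curl|wget)\b"
)


def fetch(url: str) -> bytes:
    """Download to memory only; nothing is executed. Not called by the self-check."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_pin(data: bytes, pinned_sha256: str) -> bool:
    """Constant-time compare against a digest obtained out of band."""
    return hmac.compare_digest(sha256_hex(data), pinned_sha256.lower())


def nested_remote_exec(script: bytes) -> list[int]:
    """1-based line numbers that fetch and execute further remote code."""
    text = script.decode("utf-8", errors="replace")
    return [i for i, line in enumerate(text.splitlines(), 1) if _REMOTE_EXEC.search(line)]


def gate(script: bytes, pinned_sha256: str) -> tuple[bool, list[str]]:
    """Decide whether the script may be run. Refuses on a pin mismatch or when
    the script would itself re-introduce the fetch-and-execute pattern."""
    reasons = []
    if not matches_pin(script, pinned_sha256):
        reasons.append("sha256 does not match pinned digest")
    lines = nested_remote_exec(script)
    if lines:
        reasons.append(f"fetch-and-execute of remote code at line(s) {lines}")
    return (not reasons, reasons)


if __name__ == "__main__":
    pin = sha256_hex(SAMPLE_INSTALLER)  # in practice: a digest you recorded beforehand
    print(gate(SAMPLE_INSTALLER, pin))                       # refused: line 6 pipes to sh
    print(gate(SAMPLE_INSTALLER + b"# tampered\n", pin))     # refused: pin mismatch too
```

A script that passes the gate still deserves a read: the regex catches the obvious re-fetch patterns, not a base64-decoded payload or a binary the script downloads and runs directly, which is why the digest pin (and ideally a publisher signature) remains the primary control.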
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 03:41 AM