AGENT LAB: SKILLS

ai-video-generation

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains instructions to install a CLI tool using curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous pattern that downloads a script from the internet and executes it directly in the shell without any integrity checks or verification. If the remote server is compromised, it can execute arbitrary malicious commands on the user's machine.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on software from inference.sh, which is not on the list of trusted organizations or repositories. Downloading and running binaries from unverified sources poses a significant supply-chain risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's metadata (allowed-tools) explicitly permits the agent to run any command starting with infsh. Because this binary is provided by an untrusted source via the aforementioned RCE pattern, this effectively grants the agent the ability to run unverified code as a primary function.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 03:41 AM