AGENT LAB: SKILLS

explainer-video-guide

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill contains the command curl -fsSL https://cli.inference.sh | sh. Piping a remote script directly to a shell is a high-risk pattern as it allows for arbitrary code execution without prior inspection. The domain inference.sh is not on the list of trusted external sources.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx skills add inference-sh/skills@... to pull in additional external logic. These dependencies are unverified and reside outside of the defined trusted organizations list.
  • COMMAND_EXECUTION (LOW): The skill uses the infsh CLI tool via bash to perform various media generation tasks. While consistent with the skill's stated purpose, it involves executing local commands based on the guide's instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 03:41 AM