google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill instructs the agent to execute a command that downloads a script from the internet and pipes it directly into the shell (
curl -fsSL https://cli.inference.sh | sh). This is a confirmed remote code execution pattern that allows a third-party server to run arbitrary code on the host system. - External Downloads (HIGH): The domain
inference.shis not included in the list of trusted external sources. Executing software from unverified sources is a high-risk activity that bypasses standard package management and security verification. - Command Execution (HIGH): The skill requests broad permissions to execute the
infshtool with any arguments (Bash(infsh *)). Since this tool is installed via an untrusted RCE pattern, granting the agent these permissions effectively allows it to interact with an unverified and potentially malicious executable. - Indirect Prompt Injection (LOW): The skill exposes a surface for indirect prompt injection via user-provided inputs.
- Ingestion points: User prompts are embedded within the JSON input for the
infsh app runcommand (e.g.,input.jsonor inline JSON strings). - Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from being influenced by instructions hidden within the video generation prompts.
- Capability inventory: The agent has permission to run the
infshcommand which communicates with external APIs and executes local logic. - Sanitization: There is no evidence of escaping or validation performed on the prompt before it is passed to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata