ai-avatar-video

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill explicitly instructs the agent or user to execute curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it downloads a shell script from an untrusted source and executes it immediately with no integrity verification. An attacker compromising the inference.sh domain could execute arbitrary commands on the underlying host.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the use of npx skills add to install further dependencies from inference-sh/skills. These external modules are not part of the trusted organization list and could contain malicious logic or further insecure dependencies.
  • PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection)
      ◦ Ingestion points: Untrusted data enters the skill through several JSON fields: image_url, audio_url, video_url, and text (for TTS).
      ◦ Boundary markers: There are no boundary markers or instructions to the agent to treat these inputs as data rather than potential commands.
      ◦ Capability inventory: The skill executes the infsh binary via the Bash tool, passing these untrusted inputs as arguments.
      ◦ Sanitization: No evidence of sanitization or validation of the input strings is present in the skill's instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 18, 2026, 11:09 PM