ai-video-generation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs users to run
curl -fsSL https://cli.inference.sh | sh. This is a dangerous remote code execution pattern. While primary to the skill's setup process, it involves piping unverified code from an untrusted source directly into the shell. - [EXTERNAL_DOWNLOADS] (MEDIUM): Code is downloaded and executed from
inference.sh, which is not a recognized trusted source under established safety protocols. - [COMMAND_EXECUTION] (LOW): The skill requires permission to execute the
infshcommand via the Bash tool, which is provided by the unverified remote script. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through processing external URLs. 1. Ingestion points: image_url and audio_url parameters in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: infsh execution via Bash. 4. Sanitization: None detected.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata