google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill promotes the 'curl | sh' pattern to install the inference.sh CLI. This allows an untrusted remote server to execute arbitrary code on the host system without prior inspection.
- EXTERNAL_DOWNLOADS (HIGH): Dependencies are fetched from https://cli.inference.sh, which is not among the verified trusted sources. The integrity of the downloaded content cannot be guaranteed.
- COMMAND_EXECUTION (MEDIUM): The skill's YAML frontmatter allows broad execution via Bash(infsh *). This wildcard lets the agent run any subcommand of the infsh utility with any arguments, increasing the attack surface.
- PROMPT_INJECTION (LOW): The skill processes user-controlled input (prompts) and interpolates it into shell commands.
  1. Ingestion points: --input JSON field in Bash tool calls.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of external infsh binary with network access.
  4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata