image-to-video
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Remote Code Execution (CRITICAL): The skill documentation explicitly instructs users to run `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk execution pattern that downloads and immediately runs an unverified script from the internet. If the remote server or domain is compromised, an attacker can execute arbitrary commands on the host machine.
- External Downloads (HIGH): The installer is sourced from `https://cli.inference.sh`, which is not a recognized trusted repository or organization (e.g., GitHub, Anthropic, Google). Downloading and executing binaries or scripts from unverified domains significantly increases the risk of supply chain attacks.
- Indirect Prompt Injection (LOW): The skill processes external data (user-provided prompts and images) and passes them as arguments to the `infsh` CLI tool. This creates a vulnerability surface where malicious content embedded in data could potentially exploit the underlying tool.
  - Ingestion points: Data enters the system via the `prompt` and `image` fields in JSON objects passed to `infsh app run` within `SKILL.md`.
  - Boundary markers: None are present; inputs are interpolated directly into command arguments.
  - Capability inventory: The skill uses the `Bash(infsh *)` tool, which allows it to run complex command-line applications and process local files.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization before passing strings to the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata