video-prompting-guide

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly recommends installing its command-line interface using the pattern curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous practice that executes unverified remote code with the current user's privileges without any prior inspection or integrity verification.
  • EXTERNAL_DOWNLOADS (HIGH): The skill references several external 'Related Skills' hosted on an untrusted domain (inference-sh/skills) via npx skills add. These represent unvetted dependencies that could introduce malicious code into the agent's environment.
  • COMMAND_EXECUTION (MEDIUM): The YAML frontmatter specifies allowed-tools: Bash(infsh *). This grants the agent the capability to run arbitrary commands using the infsh tool, which is the same tool installed via the untrusted remote script.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 18, 2026, 11:12 PM