Skills
skills/inference-sh-8/skills/talking-head-production/Gen Agent Trust Hub

talking-head-production

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a shell script from the vendor's primary domain.\n
  • Evidence: curl -fsSL https://cli.inference.sh | sh is used to install the infsh CLI tool. This is a standard installation pattern for this vendor's infrastructure.\n- [COMMAND_EXECUTION]: The skill invokes the infsh command-line tool to perform video and audio generation tasks via remote AI models.\n
  • Evidence: Multiple instances of infsh app run in SKILL.md are used for running models such as falai/dia-tts and bytedance/omnihuman-1-5.\n
  • Context: The allowed-tools metadata restricts Bash execution scope to the infsh binary, providing a security boundary through least privilege.\n- [EXTERNAL_DOWNLOADS]: The skill references external AI model IDs and utilizes package managers to add related functionality.\n
  • Evidence: npx skills add inference-sh/skills@... is suggested for adding related skill sets.\n
  • Evidence: Identifiers like falai/dia-tts and bytedance/omnihuman-1-5 refer to external AI assets managed by the vendor and well-known service providers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 02:31 PM