Skills
skills/inference-sh-8/skills/youtube-thumbnail-design/Gen Agent Trust Hub

youtube-thumbnail-design

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes an installation command (curl -fsSL https://cli.inference.sh | sh) that downloads a script from the vendor's domain. The documentation notes that the script detects OS/architecture and verifies checksums.
  • [REMOTE_CODE_EXECUTION]: The skill references the use of npx to install related skills from the inference-sh repository, which involves executing code from a remote registry.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run the infsh CLI. The execution environment is restricted via the allowed-tools frontmatter field to only permit commands starting with infsh *, which is a security best practice for limiting the agent's shell access.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 02:29 PM