google-veo
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command that pipes a remote script from the vendor's domain to the shell (
curl -fsSL https://cli.inference.sh | sh). This is a documented and expected pattern for installing the inference.sh CLI utility required by the skill. - [COMMAND_EXECUTION]: The skill uses the Bash tool to execute
infshcommands. These commands are used to authenticate with the service and run video generation models with user-provided prompts. - [EXTERNAL_DOWNLOADS]: The skill fetches configuration and binaries from the vendor's official distribution servers at
cli.inference.shanddist.inference.sh. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted user data into command-line arguments for the
infshtool. \n - Ingestion points: User-provided prompt strings used in the
--inputflag of theinfsh app runcommand inSKILL.md.\n - Boundary markers: The prompt is enclosed within a JSON string inside a single-quoted bash argument, providing basic structural separation.\n
- Capability inventory: Access to the
Bashtool with permissions to executeinfshcommands and related subcommands.\n - Sanitization: No explicit sanitization or filtering of the prompt content is performed within the skill code itself.
Audit Metadata