p-video
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
infshCLI tool for authentication (infsh login) and executing video generation applications (infsh app run). These operations are restricted to the authorizedinfshtool namespace. - [EXTERNAL_DOWNLOADS]: The documentation references the
inference.shplatform and suggests adding related functionality vianpx skills add. These resources are hosted on the vendor's official infrastructure or trusted package registries. - [PROMPT_INJECTION]: The skill processes user-supplied data such as text prompts, images, and audio URLs to generate video content. While this creates an indirect injection surface, the inputs are used as creative parameters for media generation models rather than executable logic, and the skill implements structured JSON boundaries for these parameters.
Audit Metadata