ai-avatar-video
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily uses the
infshCLI, which is the official tool provided by the vendor (inference-sh) to interface with their API and models. All provided bash commands likeinfsh login,infsh app run, andinfsh app listare standard for the platform's operation. - [SAFE]: The skill restricts command execution to the
infshbinary via theallowed-tools: Bash(infsh *)policy, ensuring the agent cannot execute arbitrary shell commands. - [SAFE]: References to external skill installations (
npx skills add) point to other verified repositories within the vendor's own namespace (inference-sh/skills). - [SAFE]: All data processing (audio and image URLs) is handled by the vendor's remote AI models. No local sensitive file access or unauthorized network exfiltration patterns were detected.
Audit Metadata