p-video
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill restricts command execution to the infsh binary using the allowed-tools metadata. This implements the principle of least privilege by preventing the agent from executing arbitrary shell commands.
- [EXTERNAL_DOWNLOADS]: The skill references the vendor's official website (inference.sh) and uses placeholders for user-supplied media URLs. No unauthorized or suspicious external downloads were detected.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The infsh login command is a standard part of the vendor's authentication flow.
- [PROMPT_INJECTION]: The skill accepts user-provided text prompts for video generation, which is a potential surface for indirect prompt injection. This is an inherent risk of natural language processing tasks, and the skill uses structured JSON to mitigate accidental instruction confusion.
Audit Metadata