ai-avatar-video
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructions include
curl -fsSL https://cli.inference.sh | sh. This is a piped remote execution pattern that downloads and runs a script from a non-trusted source without integrity checks. - [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on binaries and scripts hosted at
inference.sh, which is not included in the Trusted External Sources list. This creates a dependency on an unverified third-party infrastructure. - [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of the
Bashtool to executeinfshcommands and usesnpxto dynamically install additional skills, which increases the potential impact of any compromised dependency. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from external URLs for images and audio files without input sanitization or boundary markers. While this is the intended use case, it presents a surface for tool output poisoning.
- Ingestion points:
SKILL.mdexamples show user-provided URLs passed as JSON strings toinfshCLI inputs. - Boundary markers: Absent. The agent is instructed to pass raw strings directly into CLI arguments.
- Capability inventory: The skill has access to the
Bashtool, allowing file system interaction and network requests. - Sanitization: Absent. There is no evidence of URL validation or shell argument escaping.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata