ai-video-generation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly recommends the command curl -fsSL https://cli.inference.sh | sh. This pattern downloads a script from an external domain the user does not control and pipes it straight into the user's shell: nothing is pinned, inspected, or verified before execution, so the user runs whatever that server (or anyone able to tamper with the response) serves at that moment, with the full privileges of the shell. A malicious script means full system compromise.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data (prompts, URLs) and has significant execution capabilities, so instructions embedded in that data can steer what the agent executes.
  • Ingestion points: The skill takes input through prompt, image_url, and audio_url fields in JSON payloads passed to the CLI.
  • Boundary markers: No boundary markers or delimiters separate instructions from data.
  • Capability inventory: The skill is granted Bash(infsh *) permissions, allowing it to execute arbitrary subcommands of the infsh tool, including login and running 40+ different remote models.
  • Sanitization: There is no evidence of input sanitization or validation before user-controlled strings are passed into the bash environment.
  • [COMMAND_EXECUTION] (MEDIUM): The allowed-tools configuration uses a wildcard, Bash(infsh *). This lets the agent perform any action the infsh binary supports, including credential management (infsh login) and listing or running arbitrary external applications, which exceeds what the video-generation task needs and violates the principle of least privilege.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill initiates downloads of external media (images, audio) via URLs provided in the input, which are then processed by external AI models on the inference.sh platform.
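The safe counterpart to the curl | sh pattern flagged above, as an added example that is not code from the audited skill or from inference.sh: fetch the installer to a file, compare its SHA-256 against a digest pinned out of band, and only then run it. The installer URL and the pinned digest are placeholders that the reader fills in after reviewing the script once; the functions below are the reusable part.

```shell
#!/bin/sh
# Added example (not the skill's own code): fetch -> verify -> run, instead of
# "curl -fsSL URL | sh". The pinned digest is a placeholder you record after
# reviewing the installer once; a changed digest means a changed script.
set -e

# sha256_of FILE -> prints the hex digest, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256 -> 0 only if the digest matches exactly.
verify_installer() {
    file=$1
    expected=$2
    [ -r "$file" ] || return 1
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# fetch_verify_run URL EXPECTED_SHA256: download to a private temp file (never
# into a pipe), refuse to execute on mismatch, otherwise run the local copy.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    # --proto '=https' and --tlsv1.2 refuse plaintext or downgraded transports;
    # -f turns an HTTP error page into a failure instead of a script to run.
    curl --proto '=https' --tlsv1.2 -fsSL "$url" -o "$tmp"
    if ! verify_installer "$tmp" "$expected"; then
        echo "refusing to run $url: SHA-256 does not match pinned value" >&2
        return 1
    fi
    # At this point the script is a local, verified file; it can be read before
    # this line is reached, and it runs with a known content.
    sh "$tmp"
}
```

Usage is `fetch_verify_run https://cli.inference.sh <pinned-sha256>`, where the digest comes from a copy of the installer that was downloaded, read, and hashed once, and stored with the skill rather than fetched from the same server at run time. The check is only as good as the pinned value: a digest copied from the vendor's page at install time proves nothing beyond what the vendor served that day.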
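One way to replace the wildcard Bash(infsh *) grant and the unvalidated pass-through of the prompt, image_url and audio_url fields, as an added example that is not the skill's own code: a wrapper that permits a single subcommand, checks every *_url field in the payload (https only, a conservative character set, no embedded credentials, no loopback, private or link-local hosts) and hands the payload to the CLI as one argv element instead of interpolating it into a shell string. The subcommand name `run`, the `--input` flag and the sample payloads are assumptions about the infsh interface, which must be checked before any of this is adopted; the URL extraction is a deliberately minimal grep and a real deployment should parse the JSON properly.

```shell
#!/bin/sh
# Added example (not the skill's own code): a guarded wrapper an agent can be
# granted instead of Bash(infsh *). ASSUMPTION: the "run" subcommand and the
# "--input FILE" flag are illustrative, not the real infsh interface.
set -e

# allowed_subcommand NAME -> 0 only for the one verb the task needs.
# "login" (credential management) and "list" are deliberately absent.
allowed_subcommand() {
    case "$1" in
        run) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_url URL -> 0 if https, conservative charset (rejects quotes, $, backticks,
# ;, |, spaces, @ and control characters) and not an internal host.
check_url() {
    url=$1
    printf '%s' "$url" | grep -Eq '^https://[A-Za-z0-9._~%/:?=&-]+$' || return 1
    authority=${url#https://}
    authority=${authority%%/*}
    host=${authority%%:*}
    case "$host" in
        ""|localhost|127.*|10.*|192.168.*|169.254.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            return 1 ;;
    esac
    return 0
}

# extract_urls FILE -> every "<name>_url": "<value>" in a flat JSON payload, one per
# line. Minimal on purpose (no JSON-escape handling); use jq or a real parser in production.
extract_urls() {
    grep -o '"[a-z_]*_url"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" \
        | sed 's/^"[^"]*"[[:space:]]*:[[:space:]]*"//; s/"$//'
}

# validate_payload FILE -> 0 only if the file exists and every *_url passes check_url.
# The prompt field is never interpolated into a command line, so it needs no
# shell-level sanitization here; it stays data inside the JSON file.
validate_payload() {
    [ -r "$1" ] || return 1
    extract_urls "$1" | while IFS= read -r u; do
        check_url "$u" || { echo "rejected url: $u" >&2; exit 1; }
    done
}

# infsh_guarded SUBCOMMAND PAYLOAD_FILE: the only entry point the agent is given.
infsh_guarded() {
    sub=$1
    payload=$2
    allowed_subcommand "$sub" || { echo "subcommand not permitted: $sub" >&2; return 1; }
    validate_payload "$payload" || return 1
    # Argv, not "sh -c": the file name is one argument; nothing from the payload
    # is ever parsed by the shell. (--input is an assumed flag; see lead-in.)
    infsh "$sub" --input "$payload"
}
```

The point of the allowlist is that the agent's permission grant names this wrapper rather than infsh itself, so a prompt that says "first run infsh login" has no path to the binary; the URL checks cover the ingestion points the audit lists, and the blocked host ranges stop the image_url or audio_url fields from being turned into a fetch of a metadata endpoint or an internal service.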
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • The automated analysis detected serious security threats; see the Full Analysis findings above.
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 08:26 AM