Skills
skills/inferencesh/agent-skills/ai-video-generation/Snyk

ai-video-generation

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most URLs are documentation pages and media files on inference.sh (low intrinsic risk), but the skill explicitly recommends piping a remote installer (curl ... | sh) from cli.inference.sh and includes an arbitrary cloud file link, which are high-risk behaviors because running remote shell scripts or fetching installers from a non-major/unvetted domain can distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's examples show the CLI ingesting arbitrary external URLs (e.g., "image_url": "https://your-image.jpg", "audio_url": "https://speech.mp3", and "videos": ["https://clip1.mp4", ...]) so the agent will fetch and interpret untrusted public third‑party content as part of its workflow.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 03:14 AM