explainer-video-guide
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the agent to execute curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous pattern that downloads a script from an untrusted remote server and pipes it directly into the shell for execution. This grants the remote source the ability to execute arbitrary commands on the host system.
- EXTERNAL_DOWNLOADS (HIGH): The skill uses npx skills add to fetch multiple external dependencies from inferencesh/skills. This source is not on the pre-approved trusted list, posing a supply-chain risk where malicious updates or compromised packages could be introduced.
- COMMAND_EXECUTION (MEDIUM): The skill leverages a custom tool environment, infsh, to run various remote applications (e.g., google/veo-3-1-fast, falai/dia-tts). While integrated into the workflow, this execution happens in a context where untrusted user input (video scripts) is passed directly to these tools.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: User-provided video scripts and prompts are interpolated into shell commands via the --input flag in infsh calls.
  - Boundary markers: None. Input is placed directly inside JSON strings within bash commands.
  - Capability inventory: The skill has full capability to execute bash commands, run remote apps, and modify/merge media files.
  - Sanitization: No sanitization or escaping of the user-provided text is performed before it is passed to the execution environment.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh. DO NOT USE.
- AI detected serious security threats.
Audit Metadata