google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains the command `curl -fsSL https://cli.inference.sh | sh`, which downloads and executes a script directly from an untrusted third-party domain without verification. This pattern is a classic RCE vector.
- External Downloads (HIGH): The documentation suggests installing additional logic using `npx skills add inferencesh/skills@...`, which introduces unverified dependencies into the environment.
- Indirect Prompt Injection (HIGH): The skill exposes a command-line interface (`infsh app run`) that accepts arbitrary prompt input. If an agent populates these fields using untrusted data from the web or other sources, attackers can use the prompt to manipulate command arguments or the resulting output.
  - Ingestion points: Prompt values in `SKILL.md` examples used in `infsh app run` commands.
  - Boundary markers: None. Data is interpolated directly into JSON/CLI arguments.
  - Capability inventory: `Bash(infsh *)` tool execution via `allowed-tools`.
  - Sanitization: None provided; input is passed directly to the external CLI tool.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats