image-to-video
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation includes the command
curl -fsSL https://cli.inference.sh | sh. This is a classic malicious pattern where a remote script is downloaded and piped directly into a shell interpreter. Because the source domain is not within the trusted scope, this poses a risk of arbitrary, unverified code execution on the host system. - [EXTERNAL_DOWNLOADS] (MEDIUM): The 'Related Skills' section includes instructions to add several skills from the
inferencesh/skillsrepository vianpx. These represent unverified third-party dependencies from an untrusted source.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata