Skills
skills/inferencesh/agent-skills/video-prompting-guide/Gen Agent Trust Hub

video-prompting-guide

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill contains a command pattern that pipes a remote script directly to a shell: curl -fsSL https://cli.inference.sh | sh. This allows for arbitrary code execution from a source outside the trusted list.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references multiple external dependencies hosted by inferencesh via npx skills add. These sources are not on the verified trusted organization list, posing a risk of supply chain attack or malicious package injection.
  • [COMMAND_EXECUTION] (MEDIUM): The skill defines allowed-tools: Bash(infsh *), which grants the agent permission to execute any subcommand of the infsh utility. Combined with the remote installation method, this provides a broad attack surface for unauthorized system operations.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:45 PM