Skills
skills/inferencesh/agent-skills/youtube-thumbnail-design/Gen Agent Trust Hub

youtube-thumbnail-design

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation includes a setup command curl -fsSL https://cli.inference.sh | sh. This is a dangerous pattern that executes an unverified script from a non-trusted domain directly in the user's shell.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references several external dependencies via npx skills add inferencesh/skills@.... These packages originate from an untrusted organization and have not been verified for safety.
  • [COMMAND_EXECUTION] (LOW): The skill is configured to allow Bash commands starting with infsh, which enables the agent to interact with the external CLI tool once installed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:47 PM