ai-avatar-video
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly instructs the agent to execute a remote script using the command curl -fsSL https://cli.inference.sh | sh. This is a critical security vulnerability as it fetches and executes code from an untrusted external source (inference.sh) directly into the shell context without verification.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on an external binary and CLI tool hosted at inference.sh, which is not a recognized trusted source. This poses a risk of supply chain attack or malicious binary distribution.
- [COMMAND_EXECUTION] (HIGH): The skill requests broad shell permissions via allowed-tools: Bash(infsh *). This enables the execution of any subcommand supported by the unverified infsh utility, including potential file system access or credential exfiltration during the infsh login step.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external URLs for images, audio, and video (e.g., image_url, audio_url). While the current implementation uses these for media processing, the lack of sanitization or boundary markers at ingestion points creates a surface for potential metadata-based injection if the processing tools are exploitable.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata