Skills
skills/inferencesh/skills/explainer-video-guide/Gen Agent Trust Hub

explainer-video-guide

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's 'Quick Start' and automated scan confirm the presence of a 'pipe to shell' pattern: curl -fsSL https://cli.inference.sh | sh. This command downloads an unverified script and executes it directly in the system shell, which is a primary vector for malware and system compromise.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The 'Related Skills' section uses npx skills add to install additional dependencies from inferencesh/skills. These are third-party packages from an unverified source, which increases the supply chain risk.
  • [COMMAND_EXECUTION] (LOW): The skill requests permission for Bash(infsh *), allowing the agent to run any subcommand of the infsh utility. While scoped, the utility itself is installed via a critical-risk method.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:16 AM