google-veo
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly instructs the agent to run `curl -fsSL https://cli.inference.sh | sh`. This pattern downloads and executes a script from an untrusted domain without validation, allowing for arbitrary code execution.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on external tools and additional skill sets hosted on inference.sh, which is not a trusted source according to the safety guidelines.
- COMMAND_EXECUTION (MEDIUM): The skill uses the `Bash` tool to execute `infsh` commands. This permission allows the agent to interact with the untrusted binary downloaded during the setup phase.
- PROMPT_INJECTION (LOW): This finding identifies an indirect prompt injection surface.
  1. Ingestion points: User-provided prompts in `infsh app run` commands within `SKILL.md`.
  2. Boundary markers: JSON formatting is used but no 'ignore embedded instructions' markers are present.
  3. Capability inventory: Subprocess execution via `Bash`.
  4. Sanitization: No input sanitization detected.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata