video-ad-specs
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a command to fetch an installation script from the vendor's domain (
https://cli.inference.sh) and executes it by piping the output directly to the shell (| sh). This is the documented method for installing the vendor's CLI tool. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to executeinfshcommands for user authentication and running media generation applications. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates user-provided text into JSON payloads passed to remote media generation applications.
- Ingestion points: User prompts in
SKILL.mdare passed to apps likegoogle/veo-3-1-fastandbytedance/seedance-1-5-provia the--inputargument. - Boundary markers: The skill does not implement delimiters or provide explicit instructions to the agent to ignore embedded commands within user prompts.
- Capability inventory: The skill utilizes the
infshtool to perform network requests for video/audio generation and to execute media processing tasks. - Sanitization: There is no evidence of input validation or sanitization applied to prompt strings before they are processed by the tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata