ai-avatar-video
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The installation instructions in
SKILL.mdsuggest runningcurl -fsSL https://cli.inference.sh | sh, which downloads and executes a shell script from an untrusted third-party domain, allowing for arbitrary code execution. - [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and executes unverified CLI tools and additional components via
npxwithout integrity verification or version pinning. - [COMMAND_EXECUTION] (MEDIUM): The skill requires permission to execute
infshcommands via the Bash tool, which provides a broad interface for interacting with remote services and local data. - [PROMPT_INJECTION] (HIGH): The skill exhibits a significant indirect prompt injection surface (Category 8). 1. Ingestion points: Untrusted inputs from
image_url,audio_url, andtextfields. 2. Boundary markers: Absent. 3. Capability inventory: Use ofinfshfor media generation and transcription. 4. Sanitization: Absent for external data and URLs. This vulnerability could allow malicious content embedded in media or text to compromise the downstream generation process.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata