ai-video-generation
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute a remote shell script via `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk pattern that allows a remote server to execute arbitrary code on the local system.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the `inference.sh` CLI tool from an external source (cli.inference.sh) to enable its core functionality.
- [COMMAND_EXECUTION]: The skill requires the `Bash` tool with `infsh *` permissions to run various AI model applications. This capability allows the agent to execute system-level commands as part of its normal operation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its data handling practices.
  - Ingestion points: User-provided prompts, image URLs, and audio URLs are interpolated directly into the JSON input for the `infsh` command in `SKILL.md`.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the command templates to separate user data from instructions.
  - Capability inventory: The skill possesses the capability to execute shell commands via `Bash` to interact with external AI APIs and process media.
  - Sanitization: There is no evidence of escaping or validation performed on user-controlled strings before they are interpolated into the executable command line.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata