image-to-video
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation explicitly instructs users to execute `curl -fsSL https://cli.inference.sh | sh`. This 'pipe to shell' pattern is a major security risk as it downloads and executes a remote script with full shell privileges without any integrity verification or prior inspection. Since the domain `inference.sh` is not on the Trusted External Sources list, this is considered a high-risk finding.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill contains references to add additional skills via `npx skills add inferencesh/skills@...`. These external dependencies are sourced from an untrusted third-party organization, posing a supply-chain risk.
- [COMMAND_EXECUTION] (LOW): The YAML frontmatter requests `allowed-tools: Bash(infsh *)`. This grants the agent permission to execute any subcommand within the `infsh` CLI, providing a broad attack surface for command-line interactions.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill interpolates user-controlled strings directly into shell commands via the `--input` flag.
  - Ingestion points: Prompt and image path fields in `SKILL.md` code blocks.
  - Boundary markers: Absent; inputs are placed directly into JSON strings within bash commands.
  - Capability inventory: Shell command execution via the `infsh` CLI.
  - Sanitization: Absent; the skill does not suggest or implement any escaping or validation for user-provided data before passing it to the CLI.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata