Skills
skills/neversight/skills_feed/video-ad-specs/Gen Agent Trust Hub

video-ad-specs

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The file SKILL.md explicitly includes the command curl -fsSL https://cli.inference.sh | sh. This is a classic piped remote execution pattern that allows an untrusted external source (inference.sh) to execute arbitrary commands on the host system without verification.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation suggests installing additional components from inferencesh/skills using npx. This source is not part of the trusted GitHub organizations or repositories list, posing a risk of unverifiable dependency injection.
  • [COMMAND_EXECUTION] (HIGH): The skill is configured with allowed-tools: Bash(infsh *), which grants the agent the capability to execute shell commands. When combined with the instructions to install and run third-party software from an untrusted source, this creates a high-risk execution environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 01:19 AM