video-prompting-guide
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation encourages the execution of the command 'curl -fsSL https://cli.inference.sh | sh'. This 'pipe-to-shell' method downloads and executes a script from an external, untrusted source without prior verification, allowing for arbitrary code execution on the host system.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the 'infsh' command-line utility. This capability allows the agent to interact directly with the operating system and execute external binaries, which can be exploited if malicious commands are injected.
- [EXTERNAL_DOWNLOADS]: The skill initiates a network request to download a setup script from 'https://cli.inference.sh'. This domain is not recognized as a trusted organization or well-known service in the security framework and was specifically flagged as untrusted by automated scanners.
- [PROMPT_INJECTION]: The skill provides templates for generating video prompts that are interpolated directly into command-line arguments via the '--input' flag. This represents a vulnerability surface for indirect prompt injection.
  1. Ingestion points: The input prompt strings used in 'infsh app run' examples in 'SKILL.md'.
  2. Boundary markers: No delimiters or 'ignore instructions' warnings are provided to prevent the LLM from obeying instructions embedded within user-provided prompts.
  3. Capability inventory: The skill is authorized to use the Bash tool.
  4. Sanitization: There is no evidence of input escaping or validation before the data is processed by the external tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata