ai-video-generation

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the infsh CLI for video generation and utility tasks. The skill implements the principle of least privilege by using the allowed-tools configuration to restrict shell access exclusively to the infsh command.
  • [EXTERNAL_DOWNLOADS]: The skill references external installation instructions and documentation from the vendor's domain (inference.sh) and GitHub repository (github.com/inference-sh). These downloads are necessary for the CLI tool that the skill is designed to interact with.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes user-supplied prompts and media URLs that are passed to external models.
      • Ingestion points: User-provided strings and URLs are accepted via the --input JSON payload in the infsh app run command examples (SKILL.md).
      • Boundary markers: The skill uses JSON structures to separate data from the CLI command arguments.
      • Capability inventory: The skill possesses the ability to execute shell commands (restricted to the infsh binary) via the Bash tool.
      • Sanitization: There is no evidence of input sanitization or validation within the skill instructions; it relies on the downstream platform to handle potentially malicious payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:03 AM